- Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb).
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
Change-Id: I8fcf54bb71c5fb55e79a4c4150d348098984977b
Signed-off-by: Jiyong Min <jiyong.min@samsung.com>
+Repository head
+===============
+
+Code Fixes
+----------
+
+* Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb).
+
Version 5.1.2
=============
Version 5.1.2
=============
GifFile->SColorMap = NULL;
}
GifFile->SColorMap = NULL;
}
+ /*
+ * No check here for whether the background color is in range for the
+ * screen color map. Possibly there should be.
+ */
+
I (ESR) took this off the main to-do list in 2012 because I don't think
the GIFLIB project actually needs to be in the converters-and-tools business.
I (ESR) took this off the main to-do list in 2012 because I don't think
the GIFLIB project actually needs to be in the converters-and-tools business.
-Plenty of hackers do that; our jub is to supply stable library capability
+Plenty of hackers do that; our job is to supply stable library capability
with our utilities mainly interesting as test tools.
***************************************************************************/
with our utilities mainly interesting as test tools.
***************************************************************************/
+ /* check that the background color isn't garbage (SF bug #87) */
+ if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) {
+ fprintf(stderr, "Background color out of range for colormap\n");
+ exit(EXIT_FAILURE);
+ }
+
DumpScreen2RGB(OutFileName, OneFileFlag,
ColorMap,
ScreenBuffer,
DumpScreen2RGB(OutFileName, OneFileFlag,
ColorMap,
ScreenBuffer,