From: Jiyong Min <jiyong.min@samsung.com>
Date: Fri, 28 Apr 2017 09:18:07 +0000 (+0900)
Subject: Apply CVE-2016-3177 Use-after-free in gifcolor
X-Git-Tag: accepted/tizen/4.0/unified/20170816.010915^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fheads%2Ftizen_5.5_mobile_hotfix;p=platform%2Fupstream%2Fgiflib.git

Apply CVE-2016-3177 Use-after-free in gifcolor
Remove unnecessary duplicate EGifClose(). (Fixes SF bug #83)

Multiple use-after-free and double-free vulnerabilities in gifcolor.c
in GIFLIB 5.1.2 have unspecified impact and attack vectors.
https://nvd.nist.gov/vuln/detail/CVE-2016-3177

Change-Id: I24e077f2a3fbd6554d2557c4bdd94e06e3e08661
Signed-off-by: Jiyong Min <jiyong.min@samsung.com>
---

diff --git a/util/gifcolor.c b/util/gifcolor.c
index 1700b07..b3e586b 100644
--- a/util/gifcolor.c
+++ b/util/gifcolor.c
@@ -123,9 +123,6 @@ int main(int argc, char **argv)
     if (EGifCloseFile(GifFile, &ErrorCode) == GIF_ERROR)
     {
 	PrintGifError(ErrorCode);
-	if (GifFile != NULL) {
-	    EGifCloseFile(GifFile, NULL);
-	}
 	exit(EXIT_FAILURE);
     }