packages/giflib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!18 fix CVE-2022-28506

Browse Source 
From: @duyiwei7w 
Reviewed-by: @dou33 
Signed-off-by: @dou33
This commit is contained in:
openeuler-ci-bot 2022-06-16 01:33:39 +00:00 committed by Gitee
commit 36b76a671b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2022-28506.patch Normal file
View File

@ -0,0 +1,31 @@
From c80f2b9f12a9ed0df7a629c9da1c4a82e9e39923 Mon Sep 17 00:00:00 2001
From: duyiwei <duyiwei@kylinos.cn>
Date: Wed, 15 Jun 2022 14:46:24 +0800
Subject: [PATCH] CVE-2022-28506
Signed-off-by: duyiwei <duyiwei@kylinos.cn>
---
gif2rgb.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/gif2rgb.c b/gif2rgb.c
index ccbc0aa..87c413e 100644
--- a/gif2rgb.c
+++ b/gif2rgb.c
@@ -303,7 +303,12 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
GifRow = ScreenBuffer[i];
GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
- ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ /* Check if color is within color palete */
+ if (GifRow[j] >= ColorMap->ColorCount)
+ {
+ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
+ }
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
*BufferP++ = ColorMapEntry->Red;
*BufferP++ = ColorMapEntry->Green;
*BufferP++ = ColorMapEntry->Blue;
--
2.33.0

6
giflib.spec
View File

@ -2,7 +2,7 @@
Name: giflib Name: giflib
Version: 5.2.1 Version: 5.2.1
Release: 4 Release: 5
Summary: A library and utilities for processing GIFs Summary: A library and utilities for processing GIFs
License: MIT License: MIT
URL: http://www.sourceforge.net/projects/giflib/ URL: http://www.sourceforge.net/projects/giflib/
@ -14,6 +14,7 @@ Patch0:giflib_quantize.patch
Patch1:giflib_coverity.patch Patch1:giflib_coverity.patch
# Generate HTML docs with consistent section IDs to avoid multilib difference # Generate HTML docs with consistent section IDs to avoid multilib difference
Patch2:giflib_html-docs-consistent-ids.patch Patch2:giflib_html-docs-consistent-ids.patch
Patch3:CVE-2022-28506.patch
BuildRequires: make xmlto gcc BuildRequires: make xmlto gcc
provides: giflib-utils provides: giflib-utils
@ -73,6 +74,9 @@ rm -f %{buildroot}/debugsourcefiles.list
%{_bindir}/gif* %{_bindir}/gif*
%changelog %changelog
* Wed Jun 15 2022 duyiwei <duyiwei@kylinos.cn> - 5.2.1-5
- fix CVE-2022-28506
* Sat Sep 4 2021 zhanzhimin <zhanzhimin@huawei.com> - 5.2.1-4 * Sat Sep 4 2021 zhanzhimin <zhanzhimin@huawei.com> - 5.2.1-4
- strip binary files - strip binary files