!39 Fix CVE-2021-40633

From: @cn-lwj Reviewed-by: @dou33 Signed-off-by: @dou33
2024-05-15 15:34:22 +00:00 · 2024-05-15 15:34:22 +00:00 · 8a0d02e289
commit 8a0d02e289
parent 88dcb4cbea b3034393b8
2 changed files with 18 additions and 1 deletions
--- a/CVE-2021-40633.patch
+++ b/CVE-2021-40633.patch
@ -0,0 +1,13 @@
 diff -urN giflib-5.2.1/gif2rgb.c giflib-5.2.1-bak/gif2rgb.c
 --- giflib-5.2.1/gif2rgb.c	2024-05-14 16:38:28.259385838 +0800
 +++ giflib-5.2.1-bak/gif2rgb.c	2024-05-14 16:40:04.629090800 +0800
@@ -498,6 +498,9 @@
 		   ScreenBuffer, 
 		   GifFile->SWidth, GifFile->SHeight);
 +    for (i = 0; i < GifFile->SHeight; i++) {
 +	    (void)free(ScreenBuffer[i]);
 +    }
     (void)free(ScreenBuffer);
     if (DGifCloseFile(GifFile, &Error) == GIF_ERROR) {
--- a/giflib.spec
+++ b/giflib.spec
@ -2,7 +2,7 @@
 Name:          giflib
 Version:       5.2.1
-Release:       7
+Release:       8
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
@ -16,6 +16,7 @@ Patch1:giflib_coverity.patch
 Patch2:giflib_html-docs-consistent-ids.patch
 Patch3:CVE-2022-28506.patch
 Patch4:CVE-2023-39742.patch
 Patch5:CVE-2021-40633.patch
 BuildRequires: make xmlto gcc
 provides:      giflib-utils
@ -75,6 +76,9 @@ rm -f %{buildroot}/debugsourcefiles.list
 %{_bindir}/gif*
 %changelog
 * Tue May 14 2024 liwenjie <liwenjie@kylinos.cn> - 5.2.1-8
 - Fix CVE-2021-40633
 * Fri Sep 15 2023 Funda Wang <fundawang@yeah.net> - 5.2.1-7
 - Fix CVE-2023-39742