Fix CVE-2021-40633

2024-05-14 18:10:33 +08:00 · 2024-05-14 18:10:33 +08:00 · b3034393b8
commit b3034393b8
parent 88dcb4cbea
2 changed files with 18 additions and 1 deletions
--- a/CVE-2021-40633.patch
+++ b/CVE-2021-40633.patch
@ -0,0 +1,13 @@
+diff -urN giflib-5.2.1/gif2rgb.c giflib-5.2.1-bak/gif2rgb.c
+--- giflib-5.2.1/gif2rgb.c	2024-05-14 16:38:28.259385838 +0800
+++ giflib-5.2.1-bak/gif2rgb.c	2024-05-14 16:40:04.629090800 +0800
+@@ -498,6 +498,9 @@
+ 		   ScreenBuffer, 
+ 		   GifFile->SWidth, GifFile->SHeight);
+ 
+    for (i = 0; i < GifFile->SHeight; i++) {
+	    (void)free(ScreenBuffer[i]);
+    }
+     (void)free(ScreenBuffer);
+ 
+     if (DGifCloseFile(GifFile, &Error) == GIF_ERROR) {
--- a/giflib.spec
+++ b/giflib.spec
@ -2,7 +2,7 @@

 Name:          giflib
 Version:       5.2.1
-Release:       7
+Release:       8
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
@ -16,6 +16,7 @@ Patch1:giflib_coverity.patch
 Patch2:giflib_html-docs-consistent-ids.patch
 Patch3:CVE-2022-28506.patch
 Patch4:CVE-2023-39742.patch
+Patch5:CVE-2021-40633.patch

 BuildRequires: make xmlto gcc
 provides:      giflib-utils
@ -75,6 +76,9 @@ rm -f %{buildroot}/debugsourcefiles.list
 %{_bindir}/gif*

 %changelog
+* Tue May 14 2024 liwenjie <liwenjie@kylinos.cn> - 5.2.1-8
+- Fix CVE-2021-40633
+
 * Fri Sep 15 2023 Funda Wang <fundawang@yeah.net> - 5.2.1-7
 - Fix CVE-2023-39742