32 lines
1.1 KiB
Diff
32 lines
1.1 KiB
Diff
From c80f2b9f12a9ed0df7a629c9da1c4a82e9e39923 Mon Sep 17 00:00:00 2001
|
|
From: duyiwei <duyiwei@kylinos.cn>
|
|
Date: Wed, 15 Jun 2022 14:46:24 +0800
|
|
Subject: [PATCH] CVE-2022-28506
|
|
|
|
Signed-off-by: duyiwei <duyiwei@kylinos.cn>
|
|
---
|
|
gif2rgb.c | 7 ++++++-
|
|
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/gif2rgb.c b/gif2rgb.c
|
|
index ccbc0aa..87c413e 100644
|
|
--- a/gif2rgb.c
|
|
+++ b/gif2rgb.c
|
|
@@ -303,7 +303,12 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
|
|
GifRow = ScreenBuffer[i];
|
|
GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
|
|
for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
|
|
- ColorMapEntry = &ColorMap->Colors[GifRow[j]];
|
|
+ /* Check if color is within color palete */
|
|
+ if (GifRow[j] >= ColorMap->ColorCount)
|
|
+ {
|
|
+ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
|
|
+ }
|
|
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
|
|
*BufferP++ = ColorMapEntry->Red;
|
|
*BufferP++ = ColorMapEntry->Green;
|
|
*BufferP++ = ColorMapEntry->Blue;
|
|
--
|
|
2.33.0
|
|
|