From 08438a5098f3bb1de23a29334af55eba663f75bd Mon Sep 17 00:00:00 2001
|
|
From: "Eric S. Raymond" <esr@thyrsus.com>
|
|
Date: Sat, 9 Feb 2019 10:52:21 -0500
|
|
Subject: [PATCH] Address SF bug #113: Heap Buffer Overflow-2 in function
|
|
DGifDecompressLine()...
|
|
|
|
This was CVE-2018-11490
|
|
---
|
|
lib/dgif_lib.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
Index: giflib-5.1.4/lib/dgif_lib.c
|
|
===================================================================
|
|
--- giflib-5.1.4.orig/lib/dgif_lib.c
|
|
+++ giflib-5.1.4/lib/dgif_lib.c
|
|
@@ -901,7 +901,7 @@ DGifDecompressLine(GifFileType *GifFile,
|
|
while (StackPtr != 0 && i < LineLen)
|
|
Line[i++] = Stack[--StackPtr];
|
|
}
|
|
- if (LastCode != NO_SUCH_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
|
|
+ if (LastCode != NO_SUCH_CODE && Private->RunningCode - 2 < LZ_MAX_CODE && Prefix[Private->RunningCode - 2] == NO_SUCH_CODE) {
|
|
Prefix[Private->RunningCode - 2] = LastCode;
|
|
|
|
if (CrntCode == Private->RunningCode - 2) {
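Review bot: The guard added to the `if` bounds `Private->RunningCode - 2` only from above, and against `LZ_MAX_CODE` rather than the actual element count of `Prefix`, whose declaration is not in this hunk. If `Prefix` is declared with `LZ_MAX_CODE + 1` entries (to be confirmed against the private header), `<` skips the last valid slot. If `RunningCode` is a signed type, a value below 2 would still index before the table. I would hoist the index once, `int Slot = Private->RunningCode - 2;`, and test both ends, `if (LastCode != NO_SUCH_CODE && Slot >= 0 && Slot <= LZ_MAX_CODE && Prefix[Slot] == NO_SUCH_CODE) {`, then reuse `Slot` in the assignment and comparison below. The body of DGifDecompressLine starts and ends outside the hunk, so the range `RunningCode` can actually reach on a malformed stream should be checked there.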
|
|
|