From 163627448aa8d2893582f2546dd85706586e6243 Mon Sep 17 00:00:00 2001
From: Frank Warmerdam <warmerdam@pobox.com>
Date: Wed, 14 Aug 2013 13:59:16 +0000
Subject: [PATCH] fix possible OOB write in gif2tiff.c

---
 ChangeLog        | 4 ++++
 tools/gif2tiff.c | 6 +++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 6fbd83fe..ebfb3e68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2013-08-14  Frank Warmerdam  <warmerdam@pobox.com>
+
+	* tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244) 
+
 2013-08-13  Frank Warmerdam  <warmerdam@pobox.com>
 
 	* tools/gif2tiff.c: Be more careful about corrupt or
diff --git a/tools/gif2tiff.c b/tools/gif2tiff.c
index 4093411d..002b264b 100644
--- a/tools/gif2tiff.c
+++ b/tools/gif2tiff.c
@@ -1,4 +1,4 @@
-/* $Id: gif2tiff.c,v 1.13 2013-08-14 05:18:53 fwarmerdam Exp $ */
+/* $Id: gif2tiff.c,v 1.14 2013-08-14 13:59:17 fwarmerdam Exp $ */
 
 /*
  * Copyright (c) 1990-1997 Sam Leffler
@@ -400,6 +400,10 @@ process(register int code, unsigned char** fill)
     }
 
     if (oldcode == -1) {
+        if (code >= clear) {
+            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+            return 0;
+        }
 	*(*fill)++ = suffix[code];
 	firstchar = oldcode = code;
 	return 1;