fix possible OOB write in gif2tiff.c
This commit is contained in:
parent
44650c28f1
commit
163627448a
@ -1,3 +1,7 @@
|
|||||||
|
2013-08-14 Frank Warmerdam <warmerdam@pobox.com>
|
||||||
|
|
||||||
|
* tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244)
|
||||||
|
|
||||||
2013-08-13 Frank Warmerdam <warmerdam@pobox.com>
|
2013-08-13 Frank Warmerdam <warmerdam@pobox.com>
|
||||||
|
|
||||||
* tools/gif2tiff.c: Be more careful about corrupt or
|
* tools/gif2tiff.c: Be more careful about corrupt or
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
/* $Id: gif2tiff.c,v 1.13 2013-08-14 05:18:53 fwarmerdam Exp $ */
|
/* $Id: gif2tiff.c,v 1.14 2013-08-14 13:59:17 fwarmerdam Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 1990-1997 Sam Leffler
|
* Copyright (c) 1990-1997 Sam Leffler
|
||||||
@ -400,6 +400,10 @@ process(register int code, unsigned char** fill)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (oldcode == -1) {
|
if (oldcode == -1) {
|
||||||
|
if (code >= clear) {
|
||||||
|
fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
*(*fill)++ = suffix[code];
|
*(*fill)++ = suffix[code];
|
||||||
firstchar = oldcode = code;
|
firstchar = oldcode = code;
|
||||||
return 1;
|
return 1;
|
||||||
|
Loading…
Reference in New Issue
Block a user