fix possible OOB write in gif2tiff.c

This commit is contained in:
Frank Warmerdam 2013-08-14 13:59:16 +00:00
parent 44650c28f1
commit 163627448a
2 changed files with 9 additions and 1 deletions

View File

@ -1,3 +1,7 @@
2013-08-14 Frank Warmerdam <warmerdam@pobox.com>
* tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244)
2013-08-13 Frank Warmerdam <warmerdam@pobox.com> 2013-08-13 Frank Warmerdam <warmerdam@pobox.com>
* tools/gif2tiff.c: Be more careful about corrupt or * tools/gif2tiff.c: Be more careful about corrupt or

View File

@ -1,4 +1,4 @@
/* $Id: gif2tiff.c,v 1.13 2013-08-14 05:18:53 fwarmerdam Exp $ */ /* $Id: gif2tiff.c,v 1.14 2013-08-14 13:59:17 fwarmerdam Exp $ */
/* /*
* Copyright (c) 1990-1997 Sam Leffler * Copyright (c) 1990-1997 Sam Leffler
@ -400,6 +400,10 @@ process(register int code, unsigned char** fill)
} }
if (oldcode == -1) { if (oldcode == -1) {
if (code >= clear) {
fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
return 0;
}
*(*fill)++ = suffix[code]; *(*fill)++ = suffix[code];
firstchar = oldcode = code; firstchar = oldcode = code;
return 1; return 1;