fix possible OOB write in gif2tiff.c

ChangeLog

@@ -1,3 +1,7 @@
+2013-08-14  Frank Warmerdam  <warmerdam@pobox.com>
+
+	* tools/gif2tiff.c: fix possible OOB write (#2452, CVE-2013-4244) 
+
 2013-08-13  Frank Warmerdam  <warmerdam@pobox.com>
 
 	* tools/gif2tiff.c: Be more careful about corrupt or

tools/gif2tiff.c

@@ -1,4 +1,4 @@
-/* $Id: gif2tiff.c,v 1.13 2013-08-14 05:18:53 fwarmerdam Exp $ */
+/* $Id: gif2tiff.c,v 1.14 2013-08-14 13:59:17 fwarmerdam Exp $ */
 
 /*
  * Copyright (c) 1990-1997 Sam Leffler
@@ -400,6 +400,10 @@ process(register int code, unsigned char** fill)
     }
 
     if (oldcode == -1) {
+        if (code >= clear) {
+            fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear);
+            return 0;
+        }
 	*(*fill)++ = suffix[code];
 	firstchar = oldcode = code;
 	return 1;