91249c3f37
two additional null-deref fixes
OBS-URL: https://build.opensuse.org/request/show/561476
OBS-URL: https://build.opensuse.org/package/show/graphics/gifsicle?expand=0&rev=15
25 lines
749 B
Diff
From 118a46090c50829dc543179019e6140e1235f909 Mon Sep 17 00:00:00 2001
From: Eddie Kohler <ekohler@gmail.com>
Date: Sat, 2 Dec 2017 23:08:51 -0500
Subject: [PATCH] gif_read: Set last_name = NULL unconditionally.
With a non-malicious GIF, last_name is set to NULL when a name
extension is followed by an image. Reported in #117, via
Debian, via a KAIST fuzzing program.
---
src/gifread.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/gifread.c b/src/gifread.c
index eec4e31..9c287dd 100644
--- a/src/gifread.c
+++ b/src/gifread.c
@@ -900,6 +900,7 @@ read_gif(Gif_Reader *grr, int read_flags,
Gif_DeleteArray(gfc.suffix);
Gif_DeleteArray(gfc.length);
gfc.gfi = 0;
+ last_name = 0;
if (gfs)
gfs->errors = gfc.errors[1];
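Review bot: the added `last_name = 0;` after `gfc.gfi = 0;` clears the pointer, but nothing in the visible context releases what it pointed to. The three context lines free or reset only `gfc.suffix`, `gfc.length` and `gfc.gfi`, so please confirm that `last_name` is passed to `Gif_DeleteArray` earlier in this cleanup path; if it is not, a name extension that is never followed by an image leaks its buffer on every such file. A one-line comment at the assignment would also help, stating that `last_name` must not carry a stale value out of `read_gif`, since the commit message describes only the non-malicious case and does not name the failure the reset prevents. Minor: the subject line says `NULL` while the code writes `0`; that matches the adjacent `gfc.gfi = 0;`, so it is fine to keep for consistency.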