8f9a589f33
Add upstream bug fixes OBS-URL: https://build.opensuse.org/request/show/489860 OBS-URL: https://build.opensuse.org/package/show/graphics/gifsicle?expand=0&rev=5
61 lines
2.2 KiB
Diff
61 lines
2.2 KiB
Diff
From 1a29f8f5a0e19a2c671eea3604bb43ad0de8c467 Mon Sep 17 00:00:00 2001
|
|
From: Eddie Kohler <ekohler@gmail.com>
|
|
Date: Fri, 7 Apr 2017 16:55:09 -0400
|
|
Subject: [PATCH] Correct an out-of-bounds read found by @b0b0505 using afl.
|
|
|
|
---
|
|
src/merge.c | 17 ++++++++---------
|
|
1 file changed, 8 insertions(+), 9 deletions(-)
|
|
|
|
diff --git a/src/merge.c b/src/merge.c
|
|
index 699c8ca..47486b7 100644
|
|
--- a/src/merge.c
|
|
+++ b/src/merge.c
|
|
@@ -257,6 +257,7 @@ merge_image(Gif_Stream *dest, Gif_Stream *src, Gif_Image *srci,
|
|
Gt_Frame* srcfr, int same_compressed_ok)
|
|
{
|
|
Gif_Colormap *imagecm;
|
|
+ int imagecm_ncol;
|
|
int i;
|
|
Gif_Colormap *localcm = 0;
|
|
Gif_Colormap *destcm = dest->global;
|
|
@@ -268,12 +269,14 @@ merge_image(Gif_Stream *dest, Gif_Stream *src, Gif_Image *srci,
|
|
uint8_t used[256]; /* used[output pixval K] == 1 iff K was used
|
|
in the image */
|
|
|
|
+
|
|
Gif_Image *desti;
|
|
|
|
/* mark colors that were actually used in this image */
|
|
imagecm = srci->local ? srci->local : src->global;
|
|
+ imagecm_ncol = imagecm ? imagecm->ncol : 0;
|
|
merge_image_input_colors(inused, srci);
|
|
- for (i = imagecm ? imagecm->ncol : 0; i != 256; ++i)
|
|
+ for (i = imagecm_ncol; i != 256; ++i)
|
|
if (inused[i]) {
|
|
lwarning(srcfr->input_filename, "some colors undefined by colormap");
|
|
break;
|
|
@@ -286,18 +289,14 @@ merge_image(Gif_Stream *dest, Gif_Stream *src, Gif_Image *srci,
|
|
/* Merge the colormap */
|
|
if (merge_colormap_if_possible(dest->global, imagecm)) {
|
|
/* Create 'map' and 'used' for global colormap. */
|
|
- for (i = 0; i != 256; ++i)
|
|
- if (inused[i]) {
|
|
- if (imagecm && i < imagecm->ncol)
|
|
- map[i] = imagecm->col[i].pixel;
|
|
- else
|
|
- map[i] = 0;
|
|
- }
|
|
+ for (i = 0; i != imagecm_ncol; ++i)
|
|
+ if (inused[i])
|
|
+ map[i] = imagecm->col[i].pixel;
|
|
|
|
} else {
|
|
/* Need a local colormap. */
|
|
destcm = localcm = Gif_NewFullColormap(0, 256);
|
|
- for (i = 0; i != 256; ++i)
|
|
+ for (i = 0; i != imagecm_ncol; ++i)
|
|
if (inused[i]) {
|
|
map[i] = localcm->ncol;
|
|
localcm->col[localcm->ncol] = imagecm->col[i];
|