ccandy
/
legacy-imlib2
forked from old/legacy-imlib2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

loader_gif(): Abort gif parsing if DGifGetLine() fails 

Prevents multiple conditinal jumps based on and uses
of unitinitialied memory when parsing fuzzed file
id:000067,src:000000,op:havoc,rep:4,+cov.
This commit is contained in:
Fabian Keil 2014-12-03 12:36:27 +01:00 committed by Carsten Haitzler (Rasterman)
parent 2a53f202fe
commit 2c6a3af9b6
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/modules/loaders/loader_gif.c
View File

@ -85,7 +85,10 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
{ {
for (j = intoffset[i]; j < h; j += intjump[i]) for (j = intoffset[i]; j < h; j += intjump[i])
{ {
DGifGetLine(gif, rows[j], w); if (DGifGetLine(gif, rows[i], w) == GIF_ERROR)
{
break;
}
} }
} }
} }
@ -93,7 +96,10 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
{ {
for (i = 0; i < h; i++) for (i = 0; i < h; i++)
{ {
DGifGetLine(gif, rows[i], w); if (DGifGetLine(gif, rows[i], w) == GIF_ERROR)
{
break;
}
} }
} }
done = 1; done = 1;