if gif has example 4 colors in colormap, pixels provided still can
hold values higher than 3 (4, 8, 255 etc.) ass a pixel is still a
byte. it should not, but it could. technically it'd be nice for gitlib
to pad its palette out to 256 entires to ensure this cant be a
problem, but it doesn't have to , so make a local copy of the cmap
when decoding pixels and pad out to 256 entires (using color 0 as any
value > pallette ize is invalid anyway so any color will do).
this fixes a possible security attack vector in reading memory out of
bounds of an allocated array. not very far out of bounds - but enough
to cause a crash - ie a dos attack, (not to inject code though).
@fix
Carsten Haitzler
Stefan Schmidt
Bogdan Devichev