old
/
legacy-imlib2
3
0
Fork 4
Code Issues 3 Pull Requests Projects Releases Wiki Activity

loader_gif(): Abort gif parsing if DGifGetLine() fails 

Prevents multiple conditinal jumps based on and uses
of unitinitialied memory when parsing fuzzed file
id:000067,src:000000,op:havoc,rep:4,+cov.
This commit is contained in:
Fabian Keil 2014-12-03 12:36:27 +01:00 committed by Carsten Haitzler (Rasterman)
parent 2a53f202fe
commit 2c6a3af9b6
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/modules/loaders/loader_gif.c
View File

@ -85,7 +85,10 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
{
for (j = intoffset[i]; j < h; j += intjump[i])
{
DGifGetLine(gif, rows[j], w);
if (DGifGetLine(gif, rows[i], w) == GIF_ERROR)
{
break;
}
}
}
}
@ -93,7 +96,10 @@ load(ImlibImage * im, ImlibProgressFunction progress, char progress_granularity,
{
for (i = 0; i < h; i++)
{
DGifGetLine(gif, rows[i], w);
if (DGifGetLine(gif, rows[i], w) == GIF_ERROR)
{
break;
}
}
}
done = 1;