File giflib-integer-overflow.patch of Package giflib.38145

--- giflib-5.0.5/util/gif2rgb.c	2024-07-23 08:33:42.771452333 +0200
+++ giflib-5.0.5/util/gif2rgb.c	2024-07-23 08:51:12.318814082 +0200
@@ -26,6 +26,7 @@
 #include <string.h>
 #include <stdbool.h>
 #include <fcntl.h>
+#include <limits.h>
 
 #ifdef _WIN32
 #include <io.h>
@@ -520,10 +521,14 @@
     }
     if (!OutFileFlag) OutFileName = NULL;
 
-    if (SizeFlag && Width > 0 && Height > 0)
+    if (SizeFlag) {
+        if ((Width <= 0 || Height <= 0) || (Height > INT_MAX / Width)) {
+            GIF_MESSAGE("Image size would be overflow, zero or negative");
+            exit(EXIT_FAILURE);
+        }
 	RGB2GIF(OneFileFlag, NumFiles, *FileName, 
 		ExpNumOfColors, Width, Height);
-    else
+    } else
 	GIF2RGB(NumFiles, *FileName, OneFileFlag, OutFileName);
 
     return 0;
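Review bot: The new guard in the `if (SizeFlag)` branch only bounds the product `Width * Height` against `INT_MAX`, so any size that RGB2GIF or its helpers compute with an extra factor can still wrap. A per-row buffer of several bytes per pixel is one such case, reachable with a very wide image and `Height` of 1. RGB2GIF's body is outside this hunk, so this needs confirming there; if such a multiplication exists, bound `Width` on its own as well, for example `|| Width > INT_MAX / 3` for a three-byte-per-pixel row. The message would also read more clearly as `"Image size is zero, negative, or would overflow"`. The enclosing function begins before this hunk and its closing brace is outside it.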