File netpbm-CVE-2017-2579,2580.patch of Package netpbm.7895

Overview Repositories Revisions Requests Users Attributes Meta

File netpbm-CVE-2017-2579,2580.patch of Package netpbm.7895

Index: netpbm-10.66.3/converter/other/giftopnm.c
===================================================================
--- netpbm-10.66.3.orig/converter/other/giftopnm.c	2014-06-23 15:39:40.485801203 +0200
+++ netpbm-10.66.3/converter/other/giftopnm.c	2019-05-16 14:58:48.058002209 +0200
@@ -1074,9 +1074,21 @@ expandCodeOntoStack(struct decompressor
         /* LZW string, defined */
         code = incode;
     else if  (incode == decompP->nextTableSlot && !decompP->fresh) {
-        /* It's a code that isn't in our translation table yet.
-           This does not happen with the decoder in a fresh state.
-        */
+        /* It's a code that isn't in our translation table yet
+        
+           The only thing it could legally be is one higher than the
+           highest one we've seen so far.
+         */
+        if (code > decompP->nextTableSlot) {
+            /* We just abort because we added this to stable code to fix
+               a bug and we don't want to disturb stable code more than we
+               have to.
+            */
+            pm_error("Error in GIF image: LZW string code %u "
+                     "is neither a previously defined one nor the "
+                     "next in sequence to define (%u)",
+                     code, decompP->nextTableSlot);
+        }
         if (wantLzwCodes && verbose)
             pm_message ("LZW code valid, but not in decoder table");
 
@@ -1943,6 +1955,9 @@ convertImage(FILE *           const ifP,
         currentColorMapP = &localColorMap;
     }
 
+    if (imageHeader.cols == 0)
+        pm_error("Invalid GIF - width is zero");
+
     if (!skipIt) {
         readImageData(ifP, imageHeader.cols, imageHeader.rows,
                       *currentColorMapP,

Places

File netpbm-CVE-2017-2579,2580.patch of Package netpbm.7895

Places