File gdk-pixbuf-gif-uninitialized-variable.patch of Package gdk-pixbuf

From c1fd9f5d6592c0183c54efc806b3ca6871e1f496 Mon Sep 17 00:00:00 2001
From: Tobias Mueller <muelli@cryptobitch.de>
Date: Fri, 10 Nov 2017 18:51:21 +0100
Subject: [PATCH] gif: Initialise code_last_byte to not cause undefined
 behaviour

Currently, code_last_byte is set only after it has been used, i.e.

    context->block_buf[0] = context->block_buf[context->code_last_byte - 2];

comes before anything has touched context->code_last_byte yet.
Except for the initialisation.
context->code_last_byte is set a few lines later, though.
And nowhere else, except for the initialisation which sets it
to 0.  That will inevitably lead to context->block_buf[-2] which is
undefined behaviour.

We hence set the code_last_byte to 2 in order to not make that
array index invalid.

https://bugzilla.gnome.org/show_bug.cgi?id=778584
---
 gdk-pixbuf/io-gif.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
index acbd1f3be..61821bdf9 100644
--- a/gdk-pixbuf/io-gif.c
+++ b/gdk-pixbuf/io-gif.c
@@ -1165,7 +1165,12 @@ gif_prepare_lzw (GifContext *context)
 	context->lzw_fresh = TRUE;
 	context->code_curbit = 0;
 	context->code_lastbit = 0;
-	context->code_last_byte = 0;
+	/* During initialistion (in gif_lzw_fill_buffer) we substract 2 from
+	 * this value to peek into a buffer.
+	 * In order to not get a negative array index later, we set the value
+	 * to that magic 2 now.
+	 */
+	context->code_last_byte = 2;
 	context->code_done = FALSE;
 
         g_assert (context->lzw_clear_code <= 
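Review bot: the added comment on the `+` lines has two typos, "initialistion" and "substract", and the hunk leaves 2 as a bare magic number; since the commit message says the only place this value matters before it is set properly is the `block_buf[context->code_last_byte - 2]` read in gif_lzw_fill_buffer, it would be clearer to either name the constant or reference that read explicitly in the comment. The change does make the index in bounds (block_buf[0] instead of block_buf[-2]), but the hunk does not show what block_buf[0] holds on the first call, so the self-copy `block_buf[0] = block_buf[0]` may still be copying an unset byte; given `context->lzw_fresh = TRUE` is set right here, consider skipping that copy on the fresh path in gif_lzw_fill_buffer rather than relying on the initial value, or state in the comment why the value read is harmless.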
-- 
2.15.1