Overview

File htmldoc-CVE-2022-0534.patch of Package htmldoc.17472

From 312f0f9c12f26fbe015cd0e6cefa40e4b99017d9 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Fri, 7 Jan 2022 18:21:53 -0500
Subject: [PATCH] Block GIF images with a code size > 12 (Issue #463)
Index: htmldoc-1.9.12/htmldoc/image.cxx
===================================================================
--- htmldoc-1.9.12.orig/htmldoc/image.cxx	2022-02-10 13:15:54.999863718 +0100
+++ htmldoc-1.9.12/htmldoc/image.cxx	2022-02-10 13:15:55.007863765 +0100
@@ -305,6 +305,12 @@ gif_read_image(FILE       *fp,		/* I - I
   pass      = 0;
   code_size = (uchar)getc(fp);
 
+  if (code_size > 12)
+  {
+    progress_error(HD_ERROR_READ_ERROR, "Bad GIF file \"%s\" - invalid code size %d.", img->filename, code_size);
+    return (-1);
+  }
+
   if (gif_read_lzw(fp, 1, code_size) < 0)
     return (-1);
openSUSE Build Service is sponsored by
Places