diff options
| author | Emmanuele Bassi <ebassi@gmail.com> | 2022-08-09 14:49:05 +0000 |
|---|---|---|
| committer | Emmanuele Bassi <ebassi@gmail.com> | 2022-08-09 14:49:05 +0000 |
| commit | 8ad828c2782355c1747c62b3700bdc052e12e241 (patch) | |
| tree | 6e869172214f03747fd78d5e8e2dcc8382d769db /gdk-pixbuf | |
| parent | 60b09ff71096ea1332f6c9694bc1abc5d33cf695 (diff) | |
| parent | 449441210921c8ed417b0c4d5edbccd2d57e23f8 (diff) | |
| download | gdk-pixbuf-8ad828c2782355c1747c62b3700bdc052e12e241.tar.gz | |
Merge branch 'gif-lzw-code-size-overflow' into 'master'
Fix overflow when reading GIF images with invalid LZW initial code size.
See merge request GNOME/gdk-pixbuf!130
Diffstat (limited to 'gdk-pixbuf')
| -rw-r--r-- | gdk-pixbuf/io-gif.c | 4 | ||||
| -rw-r--r-- | gdk-pixbuf/lzw.c | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c index 1befba155..310bdff6a 100644 --- a/gdk-pixbuf/io-gif.c +++ b/gdk-pixbuf/io-gif.c @@ -499,8 +499,8 @@ gif_prepare_lzw (GifContext *context) /*g_message (_("GIF: EOF / read error on image data\n"));*/ return -1; } - - if (context->lzw_set_code_size > 12) { + + if (context->lzw_set_code_size >= 12) { g_set_error_literal (context->error, GDK_PIXBUF_ERROR, GDK_PIXBUF_ERROR_CORRUPT_IMAGE, diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c index 105daf2b1..15293560b 100644 --- a/gdk-pixbuf/lzw.c +++ b/gdk-pixbuf/lzw.c @@ -121,6 +121,8 @@ lzw_decoder_new (guint8 code_size) LZWDecoder *self; int i; + g_return_val_if_fail (code_size <= LZW_CODE_MAX, NULL); + self = g_object_new (lzw_decoder_get_type (), NULL); self->min_code_size = code_size; |