From: Jan Wielemaker <J.Wielemaker@cs.vu.nl>
Date: Thu, 18 Aug 2011 18:48:18 +0000 (+0200)
Subject: SECURITY: Bug#7: Fix CVE-2007-6697
X-Git-Url: http://www.swi-prolog.org/packages/xpce.git/commitdiff_plain/785efb7b94d28c7dbb5b4f2b6f5a908092cf7652
SECURITY: Bug#7: Fix CVE-2007-6697
The test image in https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6697
provides an illegal `input_code_size'.
---
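diff --git a/src/img/gifread.c b/src/img/gifread.c
index 3b8a743..ecffccb 100644
--- a/src/img/gifread.c
+++ b/src/img/gifread.c
@@ -555,7 +555,7 @@ ReadImage(IOSTREAM *fd,
 int xpos = 0, ypos = 0, pass = 0;
 long curidx;
 
- if (!ReadOK(fd, &c, 1))
+ if ( !ReadOK(fd, &c, 1) || c > MAX_LZW_BITS )
 { return GIF_INVALID;
 }
 if (LZWReadByte(fd, TRUE, c) < 0)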
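Review bot: The new bound on the `ReadOK` line still accepts `c == MAX_LZW_BITS`, and the hunk does not show whether `LZWReadByte` can handle that value. If the decoder starts with a code width of `c + 1`, as GIF LZW readers commonly do, the boundary value would ask for codes one bit wider than `MAX_LZW_BITS`; this should be checked against the table sizes in `LZWReadByte`, and if they are dimensioned by `1 << MAX_LZW_BITS` the test would be `c >= MAX_LZW_BITS`. A short comment above the check, e.g. `/* reject an LZW minimum code size the decoder tables cannot hold (CVE-2007-6697) */`, would keep the reason for the limit next to the code. `ReadImage` and the declaration of `c` lie outside this hunk, so the type of `c` and the behaviour at the boundary are inferred rather than confirmed.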