41709c
From: Jan Wielemaker <j.wielemaker@cs.vu.nl>
41709c
Date: Thu, 18 Aug 2011 18:48:18 +0000 (+0200)
41709c
Subject: SECURITY: Bug#7: Fix CVE-2007-6697
41709c
X-Git-Url: http://www.swi-prolog.org/packages/xpce.git/commitdiff_plain/785efb7b94d28c7dbb5b4f2b6f5a908092cf7652
41709c
41709c
SECURITY: Bug#7: Fix CVE-2007-6697
41709c
41709c
The test image https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6697
41709c
in provides an illegal `input_code_size'.
41709c
---
41709c
41709c
diff --git a/src/img/gifread.c b/src/img/gifread.c
41709c
index 3b8a743..ecffccb 100644
41709c
--- a/src/img/gifread.c
41709c
+++ b/src/img/gifread.c
41709c
@@ -555,7 +555,7 @@ ReadImage(IOSTREAM *fd,
41709c
   int xpos = 0, ypos = 0, pass = 0;
41709c
   long curidx;
41709c
 
41709c
-  if (!ReadOK(fd, &c, 1))
41709c
+  if ( !ReadOK(fd, &c, 1) || c > MAX_LZW_BITS )
41709c
   { return GIF_INVALID;
41709c
   }
41709c
   if (LZWReadByte(fd, TRUE, c) < 0)