Blob Blame Raw
From: Jan Wielemaker <J.Wielemaker@cs.vu.nl>
Date: Thu, 18 Aug 2011 18:48:18 +0000 (+0200)
Subject: SECURITY: Bug#7: Fix CVE-2007-6697
X-Git-Url: http://www.swi-prolog.org/packages/xpce.git/commitdiff_plain/785efb7b94d28c7dbb5b4f2b6f5a908092cf7652

SECURITY: Bug#7: Fix CVE-2007-6697

The test image https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6697
in provides an illegal `input_code_size'.
---

diff --git a/src/img/gifread.c b/src/img/gifread.c
index 3b8a743..ecffccb 100644
--- a/src/img/gifread.c
+++ b/src/img/gifread.c
@@ -555,7 +555,7 @@ ReadImage(IOSTREAM *fd,
   int xpos = 0, ypos = 0, pass = 0;
   long curidx;
 
-  if (!ReadOK(fd, &c, 1))
+  if ( !ReadOK(fd, &c, 1) || c > MAX_LZW_BITS )
   { return GIF_INVALID;
   }
   if (LZWReadByte(fd, TRUE, c) < 0)