Description: gif: report error on bogus LWZ data, instead of overflowing a buffer. Origin: upstream, https://hg.libsdl.org/SDL_image/rev/45e750f92c84 --- a/IMG_gif.c +++ b/IMG_gif.c @@ -494,8 +494,10 @@ LWZReadByte(SDL_RWops *src, int flag, int input_code_size) } while (code >= clear_code) { *sp++ = table[1][code]; - if (code == table[0][code]) - RWSetMsg("circular table entry BIG ERROR"); + if (code == table[0][code]) { + RWSetMsg("circular table entry BIG ERROR"); + return -3; + } code = table[0][code]; }