Sophie

libgd-2.2.5-2.3.mga6.src.rpm

From 3b50e238b2d7ec2a3d46aa428694e02479477b7a Mon Sep 17 00:00:00 2001
From: "Christoph M. Becker" <cmbecker69@gmx.de>
Date: Wed, 29 Nov 2017 18:52:33 +0100
Subject: [PATCH 1/1] Fixed bug #75571: Potential infinite loop in
 gdImageCreateFromGifCtx

Due to a signedness confusion in `GetCode_` a corrupt GIF file can
trigger an infinite loop.  Furthermore we make sure that a GIF without
any palette entries is treated as invalid *after* open palette entries
have been removed.

(cherry picked from commit 8d6e9588671136837533fe3785657c31c5b52767)
Index: libgd2-2.2.5/src/gd_gif_in.c
===================================================================
--- libgd2-2.2.5.orig/src/gd_gif_in.c
+++ libgd2-2.2.5/src/gd_gif_in.c
@@ -334,12 +334,6 @@ terminated:
 	if(!im) {
 		return 0;
 	}
-
-	if(!im->colorsTotal) {
-		gdImageDestroy(im);
-		return 0;
-	}
-
 	/* Check for open colors at the end, so
 	 * we can reduce colorsTotal and ultimately
 	 * BitsPerPixel */
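Review bot: With the early `if(!im->colorsTotal)` return removed here, the open-color scan that follows the "Check for open colors at the end" comment can now run on an image whose colorsTotal is 0. The loop itself is outside this hunk, so please confirm that its start index and bounds are safe for colorsTotal == 0 (in particular that nothing is indexed at colorsTotal - 1 before the bound is checked), or say so in the commit message.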
@@ -351,6 +345,10 @@ terminated:
 		}
 	}
 
+	if(!im->colorsTotal) {
+		gdImageDestroy(im);
+		return 0;
+	}
 	return im;
 }
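Review bot: The re-added `if(!im->colorsTotal)` check in front of `return im;` has no comment saying why it must come after the open-color trimming, which makes it easy for a later cleanup to move it back above the loop. A one-line comment such as "reject images left with no palette entries after trimming" would do, and a blank line before `return im;` would match the spacing the removed block had. Separately, the commit message attributes the infinite loop to a signedness confusion in `GetCode_`, but neither hunk shown here touches `GetCode_`; please confirm that part of the fix is carried elsewhere in this package.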