packages/giflib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-28506

Browse Source
This commit is contained in:
duyiwei 2022-06-16 10:33:00 +08:00
parent bb71ab3cbd
commit 19c7bcaa13
2 changed files with 36 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
CVE-2022-28506.patch Normal file
View File

@ -0,0 +1,31 @@
From c80f2b9f12a9ed0df7a629c9da1c4a82e9e39923 Mon Sep 17 00:00:00 2001
From: duyiwei <duyiwei@kylinos.cn>
Date: Wed, 15 Jun 2022 14:46:24 +0800
Subject: [PATCH] CVE-2022-28506
Signed-off-by: duyiwei <duyiwei@kylinos.cn>
---
gif2rgb.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/gif2rgb.c b/gif2rgb.c
index ccbc0aa..87c413e 100644
--- a/gif2rgb.c
+++ b/gif2rgb.c
@@ -303,7 +303,12 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
GifRow = ScreenBuffer[i];
GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
- ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+ /* Check if color is within color palete */
+ if (GifRow[j] >= ColorMap->ColorCount)
+ {
+ GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
+ }
+ ColorMapEntry = &ColorMap->Colors[GifRow[j]];
*BufferP++ = ColorMapEntry->Red;
*BufferP++ = ColorMapEntry->Green;
*BufferP++ = ColorMapEntry->Blue;
--
2.33.0

6
giflib.spec
View File

@ -1,6 +1,6 @@
Name: giflib
Version: 5.2.1
Release: 2
Release: 3
Summary: A library and utilities for processing GIFs
License: MIT
URL: http://www.sourceforge.net/projects/giflib/
@ -9,6 +9,7 @@ Source: http://downloads.sourceforge.net/giflib/giflib-%{version}.tar.gz
Patch6001: giflib_quantize.patch
Patch6002: giflib_coverity.patch
Patch6003: giflib_html-docs-consistent-ids.patch
Patch6004: CVE-2022-28506.patch
BuildRequires: make xmlto gcc
provides: giflib-utils = %{name}-%{version}
@ -66,6 +67,9 @@ rm -f %{buildroot}%{_libdir}/libgif.a
%{_bindir}/gif*
%changelog
* Thu Jun 16 2022 duyiwei <duyiwei@kylinos.cn> - 5.2.1-3
- fix CVE-2022-28506
* Thu May 20 2021 liuyumeng <liuyumeng5@huawei.com> - 5.2.1-2
- ADD a package named utils