!28 Fix CVE-2023-39742

From: @fundawang Reviewed-by: @lyn1001 Signed-off-by: @lyn1001
2023-09-16 01:34:00 +00:00 · 2023-09-16 01:34:00 +00:00 · 55e027614c
commit 55e027614c
parent dd10b99132 a5e59da87f
2 changed files with 29 additions and 1 deletions
--- a/CVE-2023-39742.patch
+++ b/CVE-2023-39742.patch
@ -0,0 +1,24 @@
+Description: Fix segmentation faults due to non correct checking for args
+Author: David Suárez <david.sephirot@gmail.com>
+Origin: vendor
+Bug: https://sourceforge.net/p/giflib/bugs/153/
+Bug-Debian: https://bugs.debian.org/715963
+Bug-Debian: https://bugs.debian.org/715964
+Bug-Debian: https://bugs.debian.org/715967
+Last-Update: 2020-12-20
+
+--- a/getarg.c
+++ b/getarg.c
+@@ -305,6 +305,12 @@
+     int i = 0, ScanRes;
+ 
+     while (!(ISSPACE(CtrlStrCopy[i]))) {
+
+        if ((*argv) == argv_end) {
+            GAErrorToken = Option;
+            return CMD_ERR_NumRead;
+        }
+
+         switch (CtrlStrCopy[i + 1]) {
+           case 'd':    /* Get signed integers. */
+               ScanRes = sscanf(*((*argv)++), "%d",
--- a/giflib.spec
+++ b/giflib.spec
@ -1,6 +1,6 @@
 Name:          giflib
 Version:       5.2.1
-Release:       3
+Release:       4
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
@ -10,6 +10,7 @@ Patch6001:     giflib_quantize.patch
 Patch6002:     giflib_coverity.patch
 Patch6003:     giflib_html-docs-consistent-ids.patch
 Patch6004:     CVE-2022-28506.patch
+Patch6005:     CVE-2023-39742.patch

 BuildRequires: make xmlto gcc
 provides:      giflib-utils = %{name}-%{version}
@ -67,6 +68,9 @@ rm -f %{buildroot}%{_libdir}/libgif.a
 %{_bindir}/gif*

 %changelog
+* Fri Sep 15 2023 Funda Wang <fundawang@yeah.net> - 5.2.1-4
+- Fix CVE-2023-39742
+
 * Thu Jun 16 2022 duyiwei <duyiwei@kylinos.cn> - 5.2.1-3
 - fix CVE-2022-28506