#31 GIF loading fails on incomplete images

closed-accepted
Dario Meloni
None
5
2007-01-10
2007-01-10
No

il_gif.c, GifGetData:

The commands *sp++ = fc, *sp++ = suffix[code] do not check for stack overflow (lines 581, 584). This can be prevented by using the following code prior to the assignments:

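    /* Refuse to push once sp has reached the end of the stack buffer. */
    if (sp >= stack + MAX_CODES) {
        cleanUpGifLoadState();
        return IL_FALSE;
    }

with

    /* Free the three LZW decoder buffers before bailing out. */
    void cleanUpGifLoadState(void)
    {
        ifree(stack);
        ifree(suffix);
        ifree(prefix);
    }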

Discussion

  • Dario Meloni
    2007-01-10

    • assigned_to: nobody --> darkyojimbo
    • status: open --> closed-accepted
     
  • Logged In: YES
    user_id=1105668
    Originator: YES

    Another assignment that requires the same test is *sp++ = (ILbyte)code; in line 587.
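
The check proposed in this report, applied to all three stack writes, can be seen in isolation in the added example below; it is not DevIL's code. The state struct, the MAX_CODES value of 4096, the function names and the two code tables are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <string.h>

#define MAX_CODES 4096  /* assumed: table size for 12-bit GIF LZW codes */

/* Hypothetical decoder state; field names follow the report. */
static struct {
    uint8_t  stack[MAX_CODES];
    uint8_t  suffix[MAX_CODES];
    uint16_t prefix[MAX_CODES];
} st;

/* Unwind one code onto the stack (bytes come out reversed).
 * Returns the number of bytes pushed, or -1 for a malformed table. */
static long unwind(unsigned code, unsigned first_entry)
{
    uint8_t *sp = st.stack, *end = st.stack + MAX_CODES;
    while (code >= first_entry) {           /* table entry, not a literal */
        if (code >= MAX_CODES || sp >= end) return -1;
        *sp++ = st.suffix[code];
        code = st.prefix[code];
    }
    if (sp >= end) return -1;               /* same test for the last push */
    *sp++ = (uint8_t)code;
    return (long)(sp - st.stack);
}

/* Constructed input: 259 -> 258 -> 'A', a well-formed chain. */
static long demo_valid(void)
{
    memset(&st, 0, sizeof st);
    st.prefix[258] = 'A'; st.suffix[258] = 'B';
    st.prefix[259] = 258; st.suffix[259] = 'C';
    return unwind(259, 258);
}

/* Constructed input: entry 300 names itself as its prefix, so the walk
 * never reaches a literal and only the stack check ends it. */
static long demo_cyclic(void)
{
    memset(&st, 0, sizeof st);
    st.prefix[300] = 300; st.suffix[300] = 'X';
    return unwind(300, 258);
}

int main(void)
{
    return !(demo_valid() == 3 && demo_cyclic() == -1);
}
```

The cyclic table fills the stack with exactly MAX_CODES bytes and is then rejected; without the `sp >= end` tests the same input would keep writing past the buffer.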