#78 Invalid write (heap overflow) in gif2rgb with images of size 0

v1.0_(example)
closed
None
1
2016-01-17
2016-01-10
Hanno Böck
No

The attached gif file will cause an invalid heap write in gif2rgb. The reason is that it allocates a buffer of size GifFile->SHeight * sizeof(GifRowType), which it then accesses at position 0. In the case of SHeight being 0, it causes an invalid memory write.

I'm not sure if this should be fixed in gif2rgb or in giflib itself as an invalid input. I have attached a simple patch that would end gif2rgb in case of such an image.

2 Attachments
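The zero-height case described in the report, as an added C example; it is not gif2rgb or giflib code and not the attached patch. The names `Row`, `alloc_screen` and `free_screen` are hypothetical, and rejecting zero width and checking the size multiplication for overflow are assumptions that go beyond the reported case.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef unsigned char *Row;   /* hypothetical stand-in for a per-row pixel pointer */

/* Allocate `height` rows of `width` bytes each, every byte set to `fill`.
 * Returns NULL for zero dimensions, size overflow or allocation failure. */
Row *alloc_screen(size_t width, size_t height, unsigned char fill)
{
    Row *rows;
    size_t i;

    /* With height == 0 the row table is zero bytes long, so any later
     * write to rows[0] lands outside the allocation: reject up front. */
    if (width == 0 || height == 0)
        return NULL;
    /* Refuse a height whose row table size would wrap around. */
    if (height > SIZE_MAX / sizeof(Row))
        return NULL;

    rows = malloc(height * sizeof(Row));
    if (rows == NULL)
        return NULL;

    for (i = 0; i < height; i++) {
        rows[i] = malloc(width);
        if (rows[i] == NULL) {          /* unwind rows allocated so far */
            while (i > 0)
                free(rows[--i]);
            free(rows);
            return NULL;
        }
        memset(rows[i], fill, width);
    }
    return rows;
}

void free_screen(Row *rows, size_t height)
{
    size_t i;

    if (rows == NULL)
        return;
    for (i = 0; i < height; i++)
        free(rows[i]);
    free(rows);
}
```

A caller treats a NULL return as a malformed or unloadable image and stops before touching any row.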

Discussion

  • Eric S. Raymond

    Eric S. Raymond - 2016-01-17
    • status: open --> closed
    • assigned_to: Eric S. Raymond
     
  • Eric S. Raymond

    Eric S. Raymond - 2016-01-17

    Fix merged in head, thanks.

     
