The attached GIF file will cause an invalid heap write in gif2rgb. The reason is that it allocates a buffer of size GifFile->SHeight * sizeof(GifRowType), which it then accesses at position 0. In the case of SHeight being 0, it causes an invalid memory write.
I'm not sure if this should be fixed in gif2rgb or in giflib itself as an invalid input. I have attached a simple patch that would end gif2rgb in case of such an image.
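The check described in the report, as an added example (not the attached patch and not giflib code): a row table sized from header-supplied dimensions is only allocated after the height and width are validated. The names `Pixel`, `Row`, `alloc_screen` and `free_screen` are hypothetical stand-ins, and the inputs in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef unsigned char Pixel;   /* hypothetical stand-in for a one-byte pixel type */
typedef Pixel *Row;            /* hypothetical stand-in for a row pointer type */

/* Release a row table built by alloc_screen(). */
static void free_screen(Row *rows, int height)
{
    if (rows == NULL)
        return;
    for (int i = 0; i < height; i++)
        free(rows[i]);
    free(rows);
}

/* Allocate height rows of width pixels, or return NULL.
 * Rejecting height <= 0 is the point: a zero-byte allocation may
 * still return a pointer, and storing to rows[0] would write past it. */
static Row *alloc_screen(int width, int height)
{
    if (width <= 0 || height <= 0)
        return NULL;                     /* size from the file header is unusable */
    if ((size_t)height > SIZE_MAX / sizeof(Row))
        return NULL;                     /* height * sizeof(Row) would wrap */

    Row *rows = calloc((size_t)height, sizeof(Row));
    if (rows == NULL)
        return NULL;
    for (int i = 0; i < height; i++) {
        rows[i] = calloc((size_t)width, sizeof(Pixel));
        if (rows[i] == NULL) {
            free_screen(rows, height);   /* unfilled slots are NULL from calloc */
            return NULL;
        }
    }
    return rows;
}

int main(void)
{
    /* Constructed inputs: a zero-height screen and a normal 4x3 one. */
    Row *bad = alloc_screen(4, 0);
    Row *ok = alloc_screen(4, 3);
    printf("0-height: %s, 4x3: %s\n",
           bad ? "allocated" : "rejected", ok ? "allocated" : "rejected");
    free_screen(ok, 3);
    return 0;
}
```
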