
#64 Segmentation fault with malformed gif

Milestone: v1.0 (example)
Status: closed-fixed
Labels: None
Priority: 7
Updated: 2017-12-28
Created: 2016-05-17
Creator: Jeff Ito
Private: No

Using AFL finds that a malformed GIF causes a segmentation fault.

#0  0x000000000048c64e in LZWReadByte (init_flag=<value optimized out>, input_code_size=<value optimized out>, stream=0x800e8efd0) at gifread.c:499

499                 *sp++ = table[1][code];
(gdb) bt  
#0  0x000000000048c64e in LZWReadByte (init_flag=<value optimized out>, input_code_size=<value optimized out>, 
 stream=0x800e8efd0) at gifread.c:499
#1  0x000000000048b3b9 in GIFReadNextBlock (image=<value optimized out>, ext=<value optimized out>, 
 stream=0x800e8efd0) at gifread.c:313
#2  0x000000000042aae6 in pngx_read_gif (png_ptr=0x801406080, info_ptr=0x80140e020, stream=0x800e8efd0)
 at pngxrgif.c:151
#3  0x0000000000424196 in pngx_read_image (png_ptr=0x801406080, info_ptr=0x80140e020, 
 fmt_name_ptr=<value optimized out>, fmt_long_name_ptr=<value optimized out>) at pngxread.c:130
#4  0x000000000040ff10 in opng_read_file (infile=0x800e8efd0) at optim.c:939
#5  0x000000000040b14c in opng_optimize_impl (infile_name=<value optimized out>) at optim.c:1503
#6  0x000000000040a9c4 in opng_optimize (
 infile_name=0x7fffffffedc7 "./tmp/optipng-gif/f/crashes/id:000000,sig:11,src:000001,op:flip1,pos:55")
 at optim.c:1853
#7  0x0000000000406195 in main (argc=<value optimized out>, argv=<value optimized out>) at optipng.c:941
Current language:  auto; currently minimal
(gdb) p code
$1 = 37
(gdb) 
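The crash is at `*sp++ = table[1][code]` with `code = 37` inside the LZW decoder, i.e. the code value taken from the file is used as a table index. As an added illustration (not OptiPNG's gifread.c, and not the fix the maintainer shipped, which this page does not show), the following GIF-style LZW decoder validates every code against the number of table entries defined so far before it touches the table. The assumption is that a code naming an entry that has not been defined yet is what a decoder must reject; the code streams below are constructed, and the bit-unpacking step is skipped so the check itself stays in focus.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_CODES 4096  /* GIF LZW codes are at most 12 bits wide */

/* Illustrative decoder state (constructed example, not OptiPNG's code):
 * each entry is a prefix code plus one suffix byte; next_code is the
 * first entry that has NOT been defined yet. */
typedef struct {
    int     prefix[MAX_CODES];
    uint8_t suffix[MAX_CODES];
    int     clear_code, eoi_code, next_code;
} lzw_state;

static void lzw_reset(lzw_state *s, int min_code_size) {
    s->clear_code = 1 << min_code_size;
    s->eoi_code   = s->clear_code + 1;
    s->next_code  = s->clear_code + 2;
    for (int i = 0; i < s->clear_code; i++) {
        s->prefix[i] = -1;             /* root entries: a single byte */
        s->suffix[i] = (uint8_t)i;
    }
}

/* Write the byte string for `code` into out[0..cap). Returns its length,
 * or 0 if it does not fit. Callers only pass code < next_code, so every
 * prefix/suffix read here is of an entry the decoder actually defined. */
static int lzw_expand(const lzw_state *s, int code, uint8_t *out, int cap) {
    uint8_t stack[MAX_CODES];
    int n = 0;
    while (code >= 0 && n < MAX_CODES) {   /* prefix chains always shrink */
        stack[n++] = s->suffix[code];
        code = s->prefix[code];
    }
    if (n > cap) return 0;
    for (int i = 0; i < n; i++) out[i] = stack[n - 1 - i];
    return n;
}

/* Decode already-unpacked codes. Returns bytes written, or -1 for a
 * malformed stream (undefined table entry, or output buffer exhausted). */
int lzw_decode(const int *codes, int ncodes, int min_code_size,
               uint8_t *out, int cap) {
    lzw_state s;
    int prev = -1, len = 0;
    lzw_reset(&s, min_code_size);

    for (int i = 0; i < ncodes; i++) {
        int code = codes[i];
        if (code == s.clear_code) { lzw_reset(&s, min_code_size); prev = -1; continue; }
        if (code == s.eoi_code) break;

        /* The check that matters: a code may name an entry that exists
         * (code < next_code) or, in the KwKwK case, exactly the entry about
         * to be created (code == next_code), which needs a previous code.
         * Anything else would index table storage that was never written. */
        if (code < 0 || code > s.next_code || code >= MAX_CODES ||
            (code == s.next_code && prev < 0))
            return -1;

        int n;
        if (code < s.next_code) {
            n = lzw_expand(&s, code, out + len, cap - len);
        } else {
            /* KwKwK: string(prev) followed by its own first byte */
            n = lzw_expand(&s, prev, out + len, cap - len - 1);
            if (n) { out[len + n] = out[len]; n++; }
        }
        if (n == 0) return -1;

        if (prev >= 0 && s.next_code < MAX_CODES) {
            s.prefix[s.next_code] = prev;
            s.suffix[s.next_code] = out[len];   /* first byte of this string */
            s.next_code++;
        }
        prev = code;
        len += n;
    }
    return len;
}

/* Constructed streams, min code size 4 (clear = 16, EOI = 17). Each helper
 * returns the decoded length when the output matches, -1 when the decoder
 * rejected the stream, -2 on a content mismatch. */
static int run_case(const int *codes, int ncodes, const uint8_t *want, int wantlen) {
    uint8_t buf[64];
    int n = lzw_decode(codes, ncodes, 4, buf, (int)sizeof buf);
    if (n != wantlen) return n;
    for (int i = 0; i < n; i++) if (buf[i] != want[i]) return -2;
    return n;
}
int example_valid(void) {
    static const int codes[] = {16, 3, 3, 18, 7, 17};
    static const uint8_t want[] = {3, 3, 3, 3, 7};
    return run_case(codes, 6, want, 5);
}
int example_kwkwk(void) {
    static const int codes[] = {16, 3, 18, 17};   /* 18 == next_code: KwKwK */
    static const uint8_t want[] = {3, 3, 3};
    return run_case(codes, 4, want, 3);
}
int example_malformed(void) {
    static const int codes[] = {16, 3, 37, 17};   /* 37: no such entry yet */
    return run_case(codes, 4, NULL, 0);
}

int main(void) {
    printf("valid: %d, kwkwk: %d, malformed: %d\n",
           example_valid(), example_kwkwk(), example_malformed());
    return 0;
}
```

The malformed stream is rejected at the code-validation step rather than being looked up in the table; a decoder without that check would read whatever happens to sit in entry 37, and with heap-allocated tables that is the kind of read that ends in the segmentation fault reported above.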

Discussion

  • Cosmin Truta

    Cosmin Truta - 2017-12-28
    • status: open --> closed-fixed
    • assigned_to: Cosmin Truta
    • Priority: 5 --> 7
     
  • Cosmin Truta

    Cosmin Truta - 2017-12-28

    Hi, Jeff,

    I've just released OptiPNG version 0.7.7, and looking to close the old defects, I realized I had omitted your report. The issue is fixed, but I haven't credited your discovery. Apologies.

    I will mention your credit retroactively, in the next OptiPNG release.

     
