commit 3eceeb9a67b9f2e92832a3f81d95d4efc5f209c4
Author: Paul Howarth <paul(a)city-fan.org>
Date: Mon Feb 28 14:34:44 2022 +0000
Fix segv seen with some corrupt gif file
This has been carried in OpenBSD ports for years (added in
https://github.com/openbsd/ports/commit/9282bea250be7880aba70f1100813c618...).
Unfortunately I don't have more details about the original problem.
xv-3.10a-corrupt-GIF.patch | 46 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 46 insertions(+)
---
diff --git a/xv-3.10a-corrupt-GIF.patch b/xv-3.10a-corrupt-GIF.patch
new file mode 100644
index 0000000..cd70532
--- /dev/null
+++ b/xv-3.10a-corrupt-GIF.patch
@@ -0,0 +1,46 @@
+From 8cac4efc53400cb82afc8c5048940d930243bd3d Mon Sep 17 00:00:00 2001
+From: Stuart Henderson <stu(a)spacehopper.org>
+Date: Fri, 18 Feb 2022 20:43:10 +0000
+Subject: [PATCH] fix segv seen with some corrupt gif file
+
+This has been carried in OpenBSD ports for years (added in
+https://github.com/openbsd/ports/commit/9282bea250be7880aba70f1100813c618231f32b)
+unfortunately I don't have more details about the original problem.
+---
+ src/xvgif.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/xvgif.c b/src/xvgif.c
+index 7bdb3d1..c2b9746 100644
+--- a/src/xvgif.c
++++ b/src/xvgif.c
+@@ -75,6 +75,7 @@ static boolean Interlace, HasGlobalColormap;
+ static byte *RawGIF; /* The heap array to hold it, raw */
+ static byte *Raster; /* The raster data stream, unblocked */
+ static byte *pic8;
++static size_t rasterSize;
+
+ /* The hash table used by the decompressor */
+ static int Prefix[4096];
+@@ -145,7 +146,8 @@ int LoadGIF(fname, pinfo)
+
+ /* the +256's are so we can read truncated GIF files without fear of
+ segmentation violation */
+- if (!(dataptr = RawGIF = (byte *) calloc((size_t) filesize+256, (size_t) 1)))
++ rasterSize = filesize+256;
++ if (!(Raster = (byte *) calloc(rasterSize, (size_t) 1)))
+ FatalError("LoadGIF: not enough memory to read GIF file");
+
+ if (!(Raster = (byte *) calloc((size_t) filesize+256,(size_t) 1)))
+@@ -796,6 +798,8 @@ static int readCode()
+ int RawCode, ByteOffset;
+
+ ByteOffset = BitOffset / 8;
++ if (ByteOffset >= rasterSize-2)
++ return 0;
+ RawCode = Raster[ByteOffset] + (Raster[ByteOffset + 1] << 8);
+ if (CodeSize >= 8)
+ RawCode += ( ((int) Raster[ByteOffset + 2]) << 16);
+--
+2.35.1
+
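Review bot: In the embedded LoadGIF hunk the added lines replace the `dataptr = RawGIF = (byte *) calloc(...)` statement instead of the `Raster` allocation just below it, so on the new side `Raster` is allocated twice (the first buffer is leaked) and nothing in the hunk assigns `RawGIF` or `dataptr` any more. Unless those two are set elsewhere in LoadGIF, which is not visible here, the code that later reads the file through them would presumably see a NULL pointer, and a patch meant to harden against corrupt GIFs would then fault on well-formed ones as well. The original `RawGIF` line should stay, and the size bookkeeping should move to the second allocation: `rasterSize = (size_t) filesize+256;` followed by `if (!(Raster = (byte *) calloc(rasterSize, (size_t) 1)))`. In readCode the guard compares the `int` `ByteOffset` with a `size_t`, so a comment such as `/* a negative ByteOffset converts to a huge size_t and is rejected here too */` would record why the mixed-sign comparison is intentional; both function bodies continue outside the hunks shown.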