On 04/02/2016 08:26 PM, Yuriy M. Kaminskiy wrote: > Mike Frysinger <vap...@gentoo.org> writes: > > This does not cover out-of-bound SBackGroundColor (giflib does not > verify if it is less than ColorCount). > I've just sent *better* patch that fixes this problem: > http://permalink.gmane.org/gmane.comp.window-managers.enlightenment.devel/64001 > (with wrong bug link) > >> From: Bernhard Übelacker <bernha...@vr-web.de> >> >> Verify the color map is inbounds before indexing with it. >> >> https://bugs.debian.org/785369 >> --- >> src/modules/loaders/loader_gif.c | 13 ++++++++++--- >> 1 file changed, 10 insertions(+), 3 deletions(-) >> >> diff --git a/src/modules/loaders/loader_gif.c >> b/src/modules/loaders/loader_gif.c >> index 638df59..7bdf29c 100644 >> --- a/src/modules/loaders/loader_gif.c >> +++ b/src/modules/loaders/loader_gif.c >> @@ -170,9 +170,16 @@ load(ImlibImage * im, ImlibProgressFunction progress, >> char progress_granularity, >> } >> else >> { >> - r = cmap->Colors[rows[i][j]].Red; >> - g = cmap->Colors[rows[i][j]].Green; >> - b = cmap->Colors[rows[i][j]].Blue; >> + if (rows[i][j] < cmap->ColorCount) >> + { >> + r = cmap->Colors[rows[i][j]].Red; >> + g = cmap->Colors[rows[i][j]].Green; >> + b = cmap->Colors[rows[i][j]].Blue; >> + } >> + else >> + { >> + r = g = b = 0; >> + } >> *ptr++ = (0xff << 24) | (r << 16) | (g << 8) | b; >> } >> per += per_inc; > >
Right, I was going to push Yuriys patches as they look a bit more correct and efficient to me (although I haven't tested it), but I see Mike has pushed this one. Any comments? /Kim ------------------------------------------------------------------------------ _______________________________________________ enlightenment-devel mailing list enlightenment-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/enlightenment-devel
