Package: htmldoc / 1.9.11-4+deb11u3

CVE-2022-24191.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Tue, 25 Jan 2022 18:11:34 -0500
Subject: CVE-2022-24191

Fix a potential stack overflow bug with GIF images (Issue #470)
---
 htmldoc/image.cxx | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
index 91074a6..a85f1f9 100644
--- a/htmldoc/image.cxx
+++ b/htmldoc/image.cxx
@@ -453,7 +453,6 @@ gif_read_lzw(FILE *fp,			/* I - File to read from */
     {
       uchar	buf[260];
 
-
       if (!gif_eof)
         while (gif_get_block(fp, buf) > 0);
 
@@ -470,17 +469,23 @@ gif_read_lzw(FILE *fp,			/* I - File to read from */
 
     while (code >= clear_code)
     {
+      if (sp >= (stack + sizeof(stack)))
+        return (255);
+
       *sp++ = table[1][code];
+
       if (code == table[0][code])
 	return (255);
 
       code = table[0][code];
     }
 
+    if (sp >= (stack + sizeof(stack)))
+      return (255);
+
     *sp++ = firstcode = table[1][code];
-    code  = max_code;
 
-    if (code < 4096)
+    if ((code = max_code) < 4096)
     {
       table[0][code] = oldcode;
       table[1][code] = firstcode;