Package: sdl-image1.2 / 1.2.12-5+deb8u1

CVE-2017-14450.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Description: gif: report error on bogus LWZ data, instead of overflowing a buffer.
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/45e750f92c84

--- a/IMG_gif.c
+++ b/IMG_gif.c
@@ -494,8 +494,10 @@ LWZReadByte(SDL_RWops *src, int flag, int input_code_size)
 	}
 	while (code >= clear_code) {
 	    *sp++ = table[1][code];
-	    if (code == table[0][code])
-		RWSetMsg("circular table entry BIG ERROR");
+	    if (code == table[0][code]) {
+	        RWSetMsg("circular table entry BIG ERROR");
+	        return -3;
+	    }
 	    code = table[0][code];
 	}