File: CVE-2022-0534-2.patch

htmldoc 1.9.3-1%2Bdeb10u4
  • area: main
  • in suites: buster
  • size: 15,224 kB
  • sloc: ansic: 67,846; cpp: 24,380; makefile: 352; sh: 149; java: 59; php: 36; xml: 10; perl: 7
commit 312f0f9c12f26fbe015cd0e6cefa40e4b99017d9
Author: Michael R Sweet <michael.r.sweet@gmail.com>
Date:   Fri Jan 7 18:21:53 2022 -0500

    Block GIF images with a code size > 12 (Issue #463)

Index: htmldoc-1.9.3/htmldoc/image.cxx
===================================================================
--- htmldoc-1.9.3.orig/htmldoc/image.cxx	2022-02-26 01:03:09.413504393 +0100
+++ htmldoc-1.9.3/htmldoc/image.cxx	2022-02-26 01:03:09.409504395 +0100
@@ -293,6 +293,12 @@
   pass      = 0;
   code_size = (uchar)getc(fp);
 
+  if (code_size > 12)
+  {
+    progress_error(HD_ERROR_READ_ERROR, "Bad GIF file \"%s\" - invalid code size %d.", img->filename, code_size);
+    return (-1);
+  }
+
   if (gif_read_lzw(fp, 1, code_size) < 0)
     return (-1);
 
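Review bot: The new guard `if (code_size > 12)` bounds the value only from above and still accepts 12 itself, so it is worth confirming against the table and buffer sizes in `gif_read_lzw()` and `gif_get_code()` (both defined outside this hunk) that a minimum code size of 12 cannot index past them. If the decoder widens the initial code by one bit, as LZW readers commonly do, 12 would produce 13-bit codes. GIF image data normally declares a minimum code size of 2 to 8, so a tighter check such as `if (code_size < 2 || code_size > 8)` would reject malformed input earlier, assuming no supported files rely on larger values. Separately, the `getc()` result is cast to `uchar` before any EOF test, so a truncated file is reported as "invalid code size 255" rather than as a short read. The enclosing function begins and ends outside the hunk.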
@@ -420,7 +426,7 @@
   if (sp > stack)
     return (*--sp);
 
-  while ((code = gif_get_code (fp, code_size, 0)) >= 0)
+  while ((code = gif_get_code(fp, code_size, 0)) >= 0)
   {
     if (code == clear_code)
     {