[prev in list] [next in list] [prev in thread] [next in thread]
List: graphicsmagick-commit
Subject: [GM-commit] GraphicsMagick: Assure that GIF decoder does not use unitialized...
From: GraphicsMagick Commits <graphicsmagick-commit () lists ! sourceforge ! net>
Date: 2015-02-02 0:33:27
Message-ID: hg.8e8fa353f537.1422837207.-1602079902 () blade ! simplesystems ! org
[Download RAW message or body]
changeset 8e8fa353f537 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f537
summary: Assure that GIF decoder does not use unitialized data.
diffstat:
ChangeLog | 3 +++
coders/gif.c | 8 ++++++++
www/Changelog.html | 2 ++
3 files changed, 13 insertions(+), 0 deletions(-)
diffs (49 lines):
diff -r fb5efb575776 -r 8e8fa353f537 ChangeLog
--- a/ChangeLog Sun Feb 01 10:24:03 2015 -0600
+++ b/ChangeLog Sun Feb 01 18:33:22 2015 -0600
@@ -1,5 +1,8 @@
2015-02-01 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
+ * coders/gif.c (DecodeImage): Assure that GIF decoder does not use
+ unitialized data.
+
* coders/jpeg.c (ReadJPEGImage): Verify that we support the number
of output components before proceeding to decode the image.
diff -r fb5efb575776 -r 8e8fa353f537 coders/gif.c
--- a/coders/gif.c Sun Feb 01 10:24:03 2015 -0600
+++ b/coders/gif.c Sun Feb 01 18:33:22 2015 -0600
@@ -171,6 +171,8 @@
old_code=NullCode;
code_size=data_size+1;
code_mask=(1 << code_size)-1;
+ (void) memset(prefix,0,MaxStackSize*sizeof(short));
+ (void) memset(suffix,0,MaxStackSize);
for (code=0; code < clear; code++)
{
prefix[code]=0;
@@ -261,6 +263,12 @@
*top_stack++=first;
code=old_code;
}
+ /*
+ FIXME: Is the logic for this loop (or the loop which inits
+ suffix and prefix arrays) correct? Values are
+ intentionally accessed outside of the explictly
+ initialized range of 'clear'.
+ */
while (code >= clear)
{
if ((top_stack-pixel_stack) >= MaxStackSize)
diff -r fb5efb575776 -r 8e8fa353f537 www/Changelog.html
--- a/www/Changelog.html Sun Feb 01 10:24:03 2015 -0600
+++ b/www/Changelog.html Sun Feb 01 18:33:22 2015 -0600
@@ -38,6 +38,8 @@
<p>2015-02-01 Bob Friesenhahn <<a class="reference external" \
href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span> \
4;</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
<blockquote>
<ul class="simple">
+<li>coders/gif.c (DecodeImage): Assure that GIF decoder does not use
+unitialized data.</li>
<li>coders/jpeg.c (ReadJPEGImage): Verify that we support the number
of output components before proceeding to decode the image.</li>
</ul>
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Graphicsmagick-commit mailing list
Graphicsmagick-commit@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/graphicsmagick-commit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic