RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 20:17:44 +00:00
Code Issues Activity Actions

LibGfx: Fix global-buffer-overflow in interlaced GIF decode

Browse source 
Regressed with 57e10eadac and immediately
caught by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30507
This commit is contained in:
Andreas Kling 2021-02-07 11:18:55 +01:00
parent 0c66e53544
commit 10420dee7e
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Userland/Libraries/LibGfx/GIFLoader.cpp
View file

@ -404,7 +404,8 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
if (interlace_pass < 4) if (interlace_pass < 4)
row = INTERLACE_ROW_OFFSETS[interlace_pass]; row = INTERLACE_ROW_OFFSETS[interlace_pass];
} else { } else {
row += INTERLACE_ROW_STRIDES[interlace_pass]; if (interlace_pass < 4)
row += INTERLACE_ROW_STRIDES[interlace_pass];
} }
} else { } else {
++row; ++row;