From 72243083582a490628f3cafb1354545dff2daade Mon Sep 17 00:00:00 2001
From: Ben Wiederhake
Date: Sun, 30 May 2021 20:03:32 +0200
Subject: [PATCH] LibGfx: Reject GIFs with ridiculously large symbols

This also prevents exploitation by malicious GIFs.

Found by OSS Fuzz, long-standing issue (since 259f8541fcd6bc147c9fb4c57b16cd840700af59)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29034
---
 Userland/Libraries/LibGfx/GIFLoader.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Userland/Libraries/LibGfx/GIFLoader.cpp b/Userland/Libraries/LibGfx/GIFLoader.cpp
index f1d716a485..679cc8f461 100644
--- a/Userland/Libraries/LibGfx/GIFLoader.cpp
+++ b/Userland/Libraries/LibGfx/GIFLoader.cpp
@@ -335,6 +335,9 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
         copy_frame_buffer(*context.frame_buffer, *context.prev_frame_buffer);
     }
 
+    if (image.lzw_min_code_size > 8)
+        return false;
+
     LZWDecoder decoder(image.lzw_encoded_bytes, image.lzw_min_code_size);
 
     // Add GIF-specific control codes
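Review bot: The added guard only bounds `lzw_min_code_size` from above; the GIF89a format (Appendix F) defines the LZW minimum code size as 2..8, so values 0 and 1 still reach `LZWDecoder` and, if the decoder derives its clear/end-of-information codes and initial code width from this field, they presumably produce degenerate code tables that are worth rejecting here as well, which I cannot confirm from this hunk alone. I would make the bound symmetric and say why 8 is the limit, since the bare constant reads as arbitrary: `// GIF89a Appendix F: LZW minimum code size is 2..8; larger values make LZWDecoder's code space far exceed the 8-bit colour index space.` followed by `if (image.lzw_min_code_size < 2 || image.lzw_min_code_size > 8)` and `return false;`. If tolerance for encoders that emit 1 is desired, the lower bound should be 1 rather than dropped. Also consider performing this validation where the image descriptor is parsed rather than in `decode_frame`, so a malformed value is rejected once at load time instead of on every frame decode; `decode_frame` starts and ends outside this hunk, and `image` is declared before it.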