LibGfx: Fix read buffer overflow in interlaced GIF decode
Unfortunately 10420dee7e didn't quite fix it, as the buffer overflow was actually happening here: af22204488/Userland/Libraries/LibGfx/GIFLoader.cpp (L402)
Found by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30507
This commit is contained in:
parent
9aa91e6c6f
commit
ce5fe2a6e8
1 changed files with 7 additions and 6 deletions
|
@ -399,13 +399,14 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
|
|||
++pixel_index;
|
||||
if (pixel_index % image.width == 0) {
|
||||
if (image.interlaced) {
|
||||
if (row + INTERLACE_ROW_STRIDES[interlace_pass] >= image.height) {
|
||||
++interlace_pass;
|
||||
if (interlace_pass < 4)
|
||||
row = INTERLACE_ROW_OFFSETS[interlace_pass];
|
||||
} else {
|
||||
if (interlace_pass < 4)
|
||||
if (interlace_pass < 4) {
|
||||
if (row + INTERLACE_ROW_STRIDES[interlace_pass] >= image.height) {
|
||||
++interlace_pass;
|
||||
if (interlace_pass < 4)
|
||||
row = INTERLACE_ROW_OFFSETS[interlace_pass];
|
||||
} else {
|
||||
row += INTERLACE_ROW_STRIDES[interlace_pass];
|
||||
}
|
||||
}
|
||||
} else {
|
||||
++row;
|
||||
|
|
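Review bot: Once `interlace_pass` reaches 4, the new outer guard `if (interlace_pass < 4) {` stops advancing `row`, so any colour data still left in the stream after the last interlace pass is presumably decoded against a stale `row` rather than ending the frame; whether those later writes are bounds-checked depends on the pixel store above the hunk, so confirm it rather than assume it. Treating `interlace_pass >= 4` as end-of-frame (leaving the colour loop) would make the intent explicit, and the input from the linked oss-fuzz report is a natural regression test for the decoder. The literal `4` now appears four times in this hunk; a named constant derived from the size of `INTERLACE_ROW_STRIDES`/`INTERLACE_ROW_OFFSETS` would keep the guard and the tables from drifting apart. A comment on the new guard would also help the next reader: `// After the fourth pass interlace_pass == 4, which is past the end of the stride/offset tables; skip the row update instead of indexing out of bounds.` decode_frame starts and ends outside this hunk.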