[packages/SDL_image.git] / SDL_image-buffer-overflow.patch

--- trunk/SDL_image/IMG_gif.c	2007/12/28 08:17:23	3461
+++ trunk/SDL_image/IMG_gif.c	2007/12/28 16:43:56	3462
@@ -418,6 +418,10 @@
     static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
     register int i;
 
+    /* Fixed buffer overflow found by Michael Skladnikiewicz */
+    if (input_code_size > MAX_LWZ_BITS)
+        return -1;
+
     if (flag) {
 	set_code_size = input_code_size;
 	code_size = set_code_size + 1;
Commit	Line	Data
847756f6 SS	1	--- trunk/SDL_image/IMG_gif.c 2007/12/28 08:17:23 3461
	2	+++ trunk/SDL_image/IMG_gif.c 2007/12/28 16:43:56 3462
	3	@@ -418,6 +418,10 @@
	4	static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
	5	register int i;
	6
	7	+ /* Fixed buffer overflow found by Michael Skladnikiewicz */
	8	+ if (input_code_size > MAX_LWZ_BITS)
	9	+ return -1;
	10	+
	11	if (flag) {
	12	set_code_size = input_code_size;
	13	code_size = set_code_size + 1;