blob: fa629aaa8551e4872c4e6eccca0796463ab3b689 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
$NetBSD: patch-ab,v 1.1 2008/02/11 10:12:24 drochner Exp $
--- IMG_gif.c.orig 2007-07-02 04:03:48.000000000 +0200
+++ IMG_gif.c
@@ -418,6 +418,10 @@ LWZReadByte(SDL_RWops *src, int flag, in
static int stack[(1 << (MAX_LWZ_BITS)) * 2], *sp;
register int i;
+ /* Fixed buffer overflow found by Michael Skladnikiewicz */
+ if (input_code_size > MAX_LWZ_BITS)
+ return -1;
+
if (flag) {
set_code_size = input_code_size;
code_size = set_code_size + 1;
|