From 655c33ef0a9b26708a80d407e14506d73eb4a0ce Mon Sep 17 00:00:00 2001 From: npt-1707 Date: Thu, 8 May 2025 00:19:44 +0800 Subject: [PATCH] libraries/tiff/tools/gif2tiff.c: fix possible OOB write --- libraries/tiff/tools/gif2tiff.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libraries/tiff/tools/gif2tiff.c b/libraries/tiff/tools/gif2tiff.c index 8e0ebd9dd..28fb98bc6 100644 --- a/libraries/tiff/tools/gif2tiff.c +++ b/libraries/tiff/tools/gif2tiff.c @@ -394,6 +394,10 @@ process(register int code, unsigned char** fill) } if (oldcode == -1) { + if (code >= clear) { + fprintf(stderr, "bad input: code=%d is larger than clear=%d\n",code, clear); + return 0; + } *(*fill)++ = suffix[code]; firstchar = oldcode = code; return 1;