
Commit e4b777c

libnsgif: Fix null pointer deref on frameless GIF input
A crafted GIF file with no frame data could cause a null pointer dereference leading to denial of service (crash). Reported by @JieyongMa via huntr.dev.
1 parent 8645008 commit e4b777c

1 file changed

+6
-0
lines changed

Diff for: libnsgif/libnsgif.c

@@ -595,6 +595,12 @@ gif_internal_decode_frame(gif_animation *gif,
595595
unsigned int x, y, decode_y, burst_bytes;
596596
register unsigned char colour;
597597

598+
/* If the GIF has no frame data, frame holders will not be allocated in
599+
* gif_initialise() */
600+
if (gif->frames == NULL) {
601+
return GIF_INSUFFICIENT_DATA;
602+
}
603+
598604
/* Ensure this frame is supposed to be decoded */
599605
if (gif->frames[frame].display == false) {
600606
return GIF_OK;
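
Review bot: the new guard at the top of gif_internal_decode_frame() only covers gif->frames being NULL, while the very next statement, gif->frames[frame].display, still indexes the array with frame, and nothing in the visible lines bounds frame against the number of allocated frame holders. If that range check is not already done by every caller, it belongs next to this guard so both preconditions for the dereference are enforced in one place. It is also worth confirming that GIF_INSUFFICIENT_DATA is the right result for a complete file that simply has no frames: a caller that treats this code as "supply more data and retry" would never make progress on such input, so a hard error code may fit better. A regression test that feeds a frameless GIF through the decoder would keep this crash from returning.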
