fetch map after DGifGetImageDesc()
Earlier refactoring broke GIF map fetch.
jcupitt committed Aug 27, 2019
1 parent 25e4577 commit ce684dd
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions libvips/foreign/gifload.c
Expand Up @@ -408,9 +408,8 @@ vips_foreign_load_gif_scan_image( VipsForeignLoadGif *gif )
{
VipsObjectClass *class = VIPS_OBJECT_GET_CLASS( gif );
GifFileType *file = gif->file;
ColorMapObject *map = file->Image.ColorMap ?
file->Image.ColorMap : file->SColorMap;

ColorMapObject *map;
GifByteType *extension;

if( DGifGetImageDesc( gif->file ) == GIF_ERROR ) {
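Review bot: the removed declaration initialised `map` from `file->Image.ColorMap` before the `DGifGetImageDesc( gif->file )` call on the last line of this hunk had filled in the current frame's image descriptor, so the per-frame colormap it picked belonged to an earlier frame or to nothing at all; deferring the lookup until after that call, as this change does, is the right fix. Since `ColorMapObject *map;` is now declared without an initialiser, consider `ColorMapObject *map = NULL;` so that any future use on the `GIF_ERROR` path between the declaration and the later assignment fails safe on the existing null test rather than dereferencing an indeterminate pointer.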
Expand All @@ -435,6 +434,7 @@ vips_foreign_load_gif_scan_image( VipsForeignLoadGif *gif )

/* Test for a non-greyscale colourmap for this frame.
*/
map = file->Image.ColorMap ? file->Image.ColorMap : file->SColorMap;
if( !gif->has_colour &&
map ) {
int i;
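Review bot: the new assignment `map = file->Image.ColorMap ? file->Image.ColorMap : file->SColorMap;` now sits directly before its only visible use in `if( !gif->has_colour && map )`, so both the fallback to the global colormap and the null test for a frame with neither map stay intact; the comment above it only describes the colour test, though, so extend it to record why the lookup lives here, e.g. `/* Only valid once DGifGetImageDesc() has read this frame's descriptor. */`, so that a later refactor does not hoist it back above the call, which is exactly how the earlier refactoring broke it.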

4 comments on commit ce684dd

@x64nik

@x64nik x64nik commented on ce684dd Oct 13, 2019


How to use it, man? Please tell me, or can it be used in Metasploit?

@carnil

@carnil carnil commented on ce684dd Dec 29, 2019


@jcupitt Is it correct that the issue (which got assigned CVE-2019-17534, cf https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796) only ever was present in a non-tagged version, introduced with the refactoring around 5749d60...f6cc2a9? So no released/tagged version was ever affected?

@jcupitt
Member Author


Yes, I think that's correct.

This commit introduced the bug on 26 August to git master:

25e4577#diff-0ecc7d6a66fc223548212a9bac2745c9

oss-fuzz found the bug that night, and this commit we are commenting on fixed it on 27 August. It was never formally released.

The CVE was created automatically. I don't think anyone was affected.

@carnil

@carnil carnil commented on ce684dd Dec 31, 2019 via email

