32764144 Security Vulnerability - heap buffer overflow in libgiftranscode.so in colorMap->Colors[colorIndex] am: 6f763fef7a am: 9f00add2fb am: 71d4913462 am: 82fa311e9a

am: cc649e4e1e Change-Id: Ibd12cb39d3abb95bacdfd0461927f5bd57b0c2c4
2017-01-17 19:53:24 +00:00
parent 508f541438 cc649e4e1e
commit 657379f51c
1 changed files with 5 additions and 0 deletions
--- a/jni/GifTranscoder.cpp
+++ b/jni/GifTranscoder.cpp
@@ -384,6 +384,11 @@ bool GifTranscoder::renderImage(GifFileType* gifIn,
    for (int y = 0; y < gifIn->Image.Height; y++) {
        for (int x = 0; x < gifIn->Image.Width; x++) {
            GifByteType colorIndex = *getPixel(rasterBits, gifIn->Image.Width, x, y);
+            if (colorIndex >= colorMap->ColorCount) {
+                LOGE("Color Index %d is out of bounds (count=%d)", colorIndex,
+                    colorMap->ColorCount);
+                return false;
+            }

            // This image may be smaller than the GIF's "logical screen"
            int renderX = x + gifIn->Image.Left;