32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so am: bcc1f62715 am: 5311a02e27 am: 954e81ed44 am: e215495b3b am: a044afd70d am: a1562e5ab6 am: d65f900883

am: 8307b0a020 Change-Id: Ia5a7611f20f4d1dd5274df69c13939a1a7905f55
2016-12-05 23:17:49 +00:00
parent 1ddff725f0 8307b0a020
commit 88b877fa20
1 changed files with 5 additions and 0 deletions
--- a/jni/GifTranscoder.cpp
+++ b/jni/GifTranscoder.cpp
@@ -274,6 +274,11 @@ bool GifTranscoder::resizeBoxFilter(GifFileType* gifIn, GifFileType* gifOut) {
                    // matches what libframesequence (Rastermill) does.
                    if (imageIndex == 0 && gifIn->SColorMap) {
                        if (gcb.TransparentColor == NO_TRANSPARENT_COLOR) {
+                            if (gifIn->SBackGroundColor < 0 ||
+                                gifIn->SBackGroundColor >= gifIn->SColorMap->ColorCount) {
+                                LOGE("SBackGroundColor overflow");
+                                return false;
+                            }
                            GifColorType bgColorIndex =
                                    gifIn->SColorMap->Colors[gifIn->SBackGroundColor];
                            bgColor = gifColorToColorARGB(bgColorIndex);