32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so am: bcc1f62715 am: 5311a02e27 am: 954e81ed44

am: e215495b3b

Change-Id: I41014416971669f09f0d43b1a548dc56ba570e4e

jni/GifTranscoder.cpp

@@ -274,6 +274,11 @@ bool GifTranscoder::resizeBoxFilter(GifFileType* gifIn, GifFileType* gifOut) {
                     // matches what libframesequence (Rastermill) does.
                     if (imageIndex == 0 && gifIn->SColorMap) {
                         if (gcb.TransparentColor == NO_TRANSPARENT_COLOR) {
+                            if (gifIn->SBackGroundColor < 0 ||
+                                gifIn->SBackGroundColor >= gifIn->SColorMap->ColorCount) {
+                                LOGE("SBackGroundColor overflow");
+                                return false;
+                            }
                             GifColorType bgColorIndex =
                                     gifIn->SColorMap->Colors[gifIn->SBackGroundColor];
                             bgColor = gifColorToColorARGB(bgColorIndex);