From 470f50f9f885987e39b335547e2a3809d6b8056f Mon Sep 17 00:00:00 2001
From: NRK
Date: Sun, 21 Nov 2021 09:04:26 +0600
Subject: [PATCH] fix: img_load_gif: out-of-bound access according to imlib2's gif loader, bg should already be transparent black if bg > cmap->ColorCount
---
 image.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/image.c b/image.c
index 980bf1a..eaa35da 100644
--- a/image.c
+++ b/image.c
@@ -203,10 +203,13 @@ static bool img_load_gif(img_t *img, const fileinfo_t *file)
 ptr = data = emalloc(sw * sh * sizeof(DATA32));
 cmap = gif->Image.ColorMap ? gif->Image.ColorMap : gif->SColorMap;
- r = cmap->Colors[bg].Red;
- g = cmap->Colors[bg].Green;
- b = cmap->Colors[bg].Blue;
- bgpixel = 0x00ffffff & (r << 16 | g << 8 | b);
+ /* if bg > cmap->ColorCount, it is transparent black already */
+ if (cmap && bg >= 0 && bg < cmap->ColorCount) {
+ r = cmap->Colors[bg].Red;
+ g = cmap->Colors[bg].Green;
+ b = cmap->Colors[bg].Blue;
+ bgpixel = 0x00ffffff & (r << 16 | g << 8 | b);
+ }
 for (i = 0; i < sh; i++) {
 for (j = 0; j < sw; j++) {
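Review bot: When the new guard fails (`cmap` is NULL, or `bg` is negative or `>= cmap->ColorCount`), nothing in this hunk assigns `bgpixel`, so the "transparent black already" comment holds only if the declaration, which is outside the hunk, initialises it to 0. If it does not, the loops below would use an indeterminate value whenever the file supplies an out-of-range `bg`; an explicit `else bgpixel = 0;` (or `bgpixel = 0` at the declaration) would make the fallback visible at this point. The comment should also say `>=` rather than `>`, since `bg == cmap->ColorCount` is out of range as well. The guard now tolerates a NULL `cmap`, but if the loop body that continues past the hunk indexes `cmap->Colors` with pixel values, it presumably needs the same NULL and range check, which is worth confirming.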