SECURITY: Bug#7: Fix CVE-2007-6697

The test image https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6697
in provides an illegal `input_code_size'.

diff --git a/src/img/gifread.c b/src/img/gifread.c
index 3b8a743..ecffccb 100644 (file)
--- a/src/img/gifread.c
+++ b/src/img/gifread.c
@@ -555,7 +555,7 @@ ReadImage(IOSTREAM *fd,
   int xpos = 0, ypos = 0, pass = 0;
   long curidx;
 
-  if (!ReadOK(fd, &c, 1))
+  if ( !ReadOK(fd, &c, 1) || c > MAX_LZW_BITS )
   { return GIF_INVALID;
   }
   if (LZWReadByte(fd, TRUE, c) < 0)