On 24/12/2013 15:21, Alexandre Rebert wrote:
The program crashes with an invalid GIF, which you can find under
./crash/file_DAAAAAAAAA.symb. After looking at the code, the problem
seems to be in the main loop of Gif2Mem in gif2mem.c. The loop keeps
going as long as the block identifier is unknown. After many iterations,
the memory dereference *MemGif segfaults. Since MemGif is incremented at
each iteration, it eventually points to unmapped memory.
One solution is to pass the MemGif buffer size as an argument to
Gif2Mem, and to check that reads are within bounds at each loop iteration.
Thanks for this detailed report, this is very much appreciated.
_g.
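The fix proposed in the report, as an added example that is not code from the affected package or from either message in this thread: a walker over the GIF block stream that follows the header, written so that the loop reading block identifiers checks its position against the buffer length on every iteration instead of advancing an unchecked pointer. The function names (`gif_walk_blocks`, `skip_sub_blocks`) and the sample byte streams are assumptions constructed for this example; the block identifiers and the sub-block layout are the ones from the GIF89a specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Block identifiers from the GIF89a specification */
#define GIF_IMAGE_SEP 0x2C
#define GIF_EXT_INTRO 0x21
#define GIF_TRAILER   0x3B

enum gif_status { GIF_OK = 0, GIF_TRUNCATED = -1 };

/* Skip a sequence of data sub-blocks: each is a length byte followed by
 * that many bytes; a zero length byte terminates the sequence.
 * Every read is checked against len, so a truncated file is reported
 * instead of being read past its end. */
static int skip_sub_blocks(const uint8_t *mem, size_t len, size_t *pos)
{
    for (;;) {
        if (*pos >= len)
            return GIF_TRUNCATED;
        uint8_t n = mem[(*pos)++];
        if (n == 0)
            return GIF_OK;
        if (n > len - *pos)            /* sub-block body would run off the buffer */
            return GIF_TRUNCATED;
        *pos += n;
    }
}

/* Walk the block stream that follows the header and logical screen
 * descriptor. `len` is the buffer size the report suggests passing in;
 * the check at the top of the loop is the one the crashing loop lacked.
 * Counts image descriptors and unknown identifiers; returns GIF_OK on a
 * trailer byte, GIF_TRUNCATED if the data ends first. */
int gif_walk_blocks(const uint8_t *mem, size_t len, int *images, int *unknown)
{
    size_t pos = 0;
    *images = 0;
    *unknown = 0;
    for (;;) {
        if (pos >= len)                /* bounds check on every iteration */
            return GIF_TRUNCATED;
        uint8_t id = mem[pos++];
        switch (id) {
        case GIF_TRAILER:
            return GIF_OK;
        case GIF_EXT_INTRO:
            if (pos >= len)
                return GIF_TRUNCATED;
            pos++;                     /* extension label byte */
            if (skip_sub_blocks(mem, len, &pos) != GIF_OK)
                return GIF_TRUNCATED;
            break;
        case GIF_IMAGE_SEP: {
            /* 9-byte descriptor: left, top, width, height (16-bit each), packed flags */
            if (len - pos < 9)
                return GIF_TRUNCATED;
            uint8_t packed = mem[pos + 8];
            pos += 9;
            if (packed & 0x80) {       /* local colour table: 3 * 2^(N+1) bytes */
                size_t tbl = 3u * (1u << ((packed & 0x07) + 1));
                if (len - pos < tbl)
                    return GIF_TRUNCATED;
                pos += tbl;
            }
            if (pos >= len)
                return GIF_TRUNCATED;
            pos++;                     /* LZW minimum code size */
            if (skip_sub_blocks(mem, len, &pos) != GIF_OK)
                return GIF_TRUNCATED;
            (*images)++;
            break;
        }
        default:
            /* Unknown identifier: skip one byte, as the original loop did,
             * but the check at the top of the loop now stops it at the end. */
            (*unknown)++;
            break;
        }
    }
}

/* Constructed sample streams (bytes after the header and screen descriptor) */
const uint8_t SAMPLE_OK[] = {
    0x21, 0xF9, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,   /* graphic control extension */
    0x2C, 0, 0, 0, 0, 1, 0, 1, 0, 0x00,               /* 1x1 image descriptor, no local table */
    0x02, 0x02, 0x4C, 0x01, 0x00,                     /* LZW code size + one sub-block + terminator */
    0x3B                                              /* trailer */
};
const uint8_t SAMPLE_TRUNCATED[] = {                  /* same stream with the trailer cut off */
    0x21, 0xF9, 0x04, 0x00, 0x00, 0x00, 0x00, 0x00,
    0x2C, 0, 0, 0, 0, 1, 0, 1, 0, 0x00,
    0x02, 0x02, 0x4C, 0x01, 0x00
};
const uint8_t SAMPLE_UNKNOWN[] = { 0x00, 0x00, 0x42, 0x3B };   /* junk identifiers, then trailer */

int main(void)
{
    int img, unk;
    int st = gif_walk_blocks(SAMPLE_OK, sizeof SAMPLE_OK, &img, &unk);
    printf("valid:     status=%d images=%d unknown=%d\n", st, img, unk);
    st = gif_walk_blocks(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &img, &unk);
    printf("truncated: status=%d images=%d unknown=%d\n", st, img, unk);
    st = gif_walk_blocks(SAMPLE_UNKNOWN, sizeof SAMPLE_UNKNOWN, &img, &unk);
    printf("unknown:   status=%d images=%d unknown=%d\n", st, img, unk);
    return 0;
}
```

With the buffer length available, a file that ends mid-block (or that is nothing but unrecognised identifiers) produces GIF_TRUNCATED after at most `len` iterations, rather than walking the pointer off the mapping as the report describes.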