authorRemi Collet <remi@remirepo.net>2026-03-31 10:43:32 +0200
committerRemi Collet <remi@php.net>2026-03-31 10:43:32 +0200
commitd5c73104411101ead27f93d82be2f22e2a91769f (patch)
treedba03926c5e90643dc580072c43fff15f7e2c019
parent8aa168a4fc734965c7c56b249604c1ef609d5474 (diff)
fix potential undefined behavior in cgif_addframe
CVE-2026-4985
-rw-r--r--CVE-2026-4985.patch31
-rw-r--r--libcgif.spec9
2 files changed, 39 insertions, 1 deletions
diff --git a/CVE-2026-4985.patch b/CVE-2026-4985.patch
new file mode 100644
index 0000000..12b538b
--- /dev/null
+++ b/CVE-2026-4985.patch
@@ -0,0 +1,31 @@
+From a9ecd7a129f3f7177dfec3e0e7b48c87131ac410 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20L=C3=B6bl?= <dloebl.2000@gmail.com>
+Date: Mon, 30 Mar 2026 13:04:27 +0200
+Subject: [PATCH] fix potential undefined behavior in cgif_addframe (#112)
+
+---
+ src/cgif.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/cgif.c b/src/cgif.c
+index 7190a1f..d526aee 100644
+--- a/src/cgif.c
++++ b/src/cgif.c
+@@ -480,7 +480,7 @@ static void copyFrameConfig(CGIF_FrameConfig* pDest, CGIF_FrameConfig* pSrc) {
+ int cgif_addframe(CGIF* pGIF, CGIF_FrameConfig* pConfig) {
+ CGIF_Frame* pNewFrame;
+ int hasAlpha, hasSetTransp;
+- int i;
++ uint32_t i;
+ cgif_result r;
+
+ // check for previous errors
+@@ -518,7 +518,7 @@ int cgif_addframe(CGIF* pGIF, CGIF_FrameConfig* pConfig) {
+ sameFrame = 0;
+ }
+ } else {
+- for(i = 0; i < pGIF->config.width * pGIF->config.height; i++) {
++ for(i = 0; i < MULU16(pGIF->config.width, pGIF->config.height); i++) {
+ if(cmpPixel(pGIF, pConfig, &pGIF->aFrames[pGIF->iHEAD]->config, pConfig->pImageData[i], pGIF->aFrames[pGIF->iHEAD]->config.pImageData[i])) {
+ sameFrame = 0;
+ break;
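Review bot: Changing `i` from `int` to `uint32_t` at the top of cgif_addframe affects every use of `i` in the function, and most of that body lies outside the two embedded hunks. Any comparison of `i` against a signed value, or a loop that counts down to zero, would change meaning, so those uses should be checked in the 0.5.2 tree this patch is applied to. `MULU16` is not defined anywhere in the patch; presumably it is an existing macro in src/cgif.c that widens both operands to 32-bit unsigned before multiplying, which is worth confirming at the packaged commit. A short comment above the loop would record why the macro is needed, for example `// width/height are 16-bit: multiply as uint32_t, a plain int product can overflow (UB)`. The product could also be computed once into a local before the loop instead of in the loop condition.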
diff --git a/libcgif.spec b/libcgif.spec
index d0c534a..7b85bfe 100644
--- a/libcgif.spec
+++ b/libcgif.spec
@@ -18,12 +18,14 @@
Name: %{libname}
Summary: A fast and lightweight GIF encoder
Version: 0.5.2
-Release: 1%{?dist}
+Release: 2%{?dist}
License: MIT
URL: https://github.com/%{gh_owner}/%{gh_project}
Source0: https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{version}-%{gh_short}.tar.gz
+Patch0: CVE-2026-4985.patch
+
BuildRequires: gcc
BuildRequires: meson >= 0.56
@@ -62,6 +64,7 @@ for %{libname}.
%prep
%setup -q -n %{gh_project}-%{gh_commit}
+%patch -P0 -p1 -b .cve
%build
@@ -90,6 +93,10 @@ for %{libname}.
%changelog
+* Tue Mar 31 2026 Remi Collet <remi@remirepo.net> - 0.5.2-2
+- fix potential undefined behavior in cgif_addframe
+ CVE-2026-4985
+
* Tue Feb 24 2026 Remi Collet <remi@remirepo.net> - 0.5.2-1
- update to 0.5.2