fix potential undefined behavior in cgif_addframe

CVE-2026-4985
author: Remi Collet <remi@remirepo.net> 2026-03-31 10:43:32 +0200
committer: Remi Collet <remi@php.net> 2026-03-31 10:43:32 +0200
commit: d5c73104411101ead27f93d82be2f22e2a91769f (patch)
tree: dba03926c5e90643dc580072c43fff15f7e2c019 /libcgif.spec
parent: 8aa168a4fc734965c7c56b249604c1ef609d5474 (diff)
1 files changed, 8 insertions, 1 deletions
diff --git a/libcgif.spec b/libcgif.spec
index d0c534a..7b85bfe 100644
--- a/libcgif.spec
+++ b/libcgif.spec
@@ -18,12 +18,14 @@
 Name:          %{libname}
 Summary:       A fast and lightweight GIF encoder
 Version:       0.5.2
-Release:       1%{?dist}
+Release:       2%{?dist}
 License:       MIT
 
 URL:           https://github.com/%{gh_owner}/%{gh_project}
 Source0:       https://github.com/%{gh_owner}/%{gh_project}/archive/%{gh_commit}/%{gh_project}-%{version}-%{gh_short}.tar.gz
 
+Patch0:        CVE-2026-4985.patch
+
 BuildRequires: gcc
 BuildRequires: meson >= 0.56
 
@@ -62,6 +64,7 @@ for %{libname}.
 
 %prep
 %setup -q -n %{gh_project}-%{gh_commit}
+%patch -P0 -p1 -b .cve
 
 
 %build
@@ -90,6 +93,10 @@ for %{libname}.
 
 
 %changelog
+* Tue Mar 31 2026 Remi Collet <remi@remirepo.net> - 0.5.2-2
+- fix potential undefined behavior in cgif_addframe
+  CVE-2026-4985
+
 * Tue Feb 24 2026 Remi Collet <remi@remirepo.net> - 0.5.2-1
 - update to 0.5.2
author	Remi Collet <remi@remirepo.net>	2026-03-31 10:43:32 +0200
committer	Remi Collet <remi@php.net>	2026-03-31 10:43:32 +0200
commit	d5c73104411101ead27f93d82be2f22e2a91769f (patch)
tree	dba03926c5e90643dc580072c43fff15f7e2c019 /libcgif.spec
parent	8aa168a4fc734965c7c56b249604c1ef609d5474 (diff)