diff options
Diffstat (limited to 'CVE-2026-4985.patch')
| -rw-r--r-- | CVE-2026-4985.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/CVE-2026-4985.patch b/CVE-2026-4985.patch new file mode 100644 index 0000000..12b538b --- /dev/null +++ b/CVE-2026-4985.patch @@ -0,0 +1,31 @@ +From a9ecd7a129f3f7177dfec3e0e7b48c87131ac410 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20L=C3=B6bl?= <dloebl.2000@gmail.com> +Date: Mon, 30 Mar 2026 13:04:27 +0200 +Subject: [PATCH] fix potential undefined behavior in cgif_addframe (#112) + +--- + src/cgif.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/cgif.c b/src/cgif.c +index 7190a1f..d526aee 100644 +--- a/src/cgif.c ++++ b/src/cgif.c +@@ -480,7 +480,7 @@ static void copyFrameConfig(CGIF_FrameConfig* pDest, CGIF_FrameConfig* pSrc) { + int cgif_addframe(CGIF* pGIF, CGIF_FrameConfig* pConfig) { + CGIF_Frame* pNewFrame; + int hasAlpha, hasSetTransp; +- int i; ++ uint32_t i; + cgif_result r; + + // check for previous errors +@@ -518,7 +518,7 @@ int cgif_addframe(CGIF* pGIF, CGIF_FrameConfig* pConfig) { + sameFrame = 0; + } + } else { +- for(i = 0; i < pGIF->config.width * pGIF->config.height; i++) { ++ for(i = 0; i < MULU16(pGIF->config.width, pGIF->config.height); i++) { + if(cmpPixel(pGIF, pConfig, &pGIF->aFrames[pGIF->iHEAD]->config, pConfig->pImageData[i], pGIF->aFrames[pGIF->iHEAD]->config.pImageData[i])) { + sameFrame = 0; + break; |