gdk-pixbuf2/backport-CVE-2021-44648.patch

From 19ebba03117aefc9d0312f675f3a210ffdcc4907 Mon Sep 17 00:00:00 2001
From: Robert Ancell <Robert Ancell @robert.ancell>
Date: Tue, 24 May 2022 14:36:15 +0800
Subject: [PATCH] Fix overflow when reading GIF images with invalid LZW initial code size.
 
Conflict:NA
Reference:https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/merge_requests/130/diffs?commit_id=19ebba03117aefc9d0312f675f3a210ffdcc4907
---
 gdk-pixbuf/io-gif.c | 2 +-
 gdk-pixbuf/lzw.c    | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)
 
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
index 1befba1..3d2a7a9 100644
--- a/gdk-pixbuf/io-gif.c
+++ b/gdk-pixbuf/io-gif.c
@@ -500,7 +500,7 @@ gif_prepare_lzw (GifContext *context)
 		return -1;
 	}
         
-        if (context->lzw_set_code_size > 12) {
+        if (context->lzw_set_code_size >= 12) {
                 g_set_error_literal (context->error,
                                      GDK_PIXBUF_ERROR,
                                      GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
index 105daf2..f3fae17 100644
--- a/gdk-pixbuf/lzw.c
+++ b/gdk-pixbuf/lzw.c
@@ -121,6 +121,8 @@ lzw_decoder_new (guint8 code_size)
         LZWDecoder *self;
         int i;
 
+        g_return_val_if_fail (code_size <= LZW_CODE_MAX, NULL);
+
         self = g_object_new (lzw_decoder_get_type (), NULL);
 
         self->min_code_size = code_size;
-- 
2.27.0