32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so am: bcc1f62715 Change-Id: Ia790b66a2d7d26b53463ebb2ebae524a7b4155fc

commit: 5311a02e273453c7c445c89ee7abb680acdd4ef1 [log] [tgz]
author: Tom Taylor <tomtaylor@google.com> Mon Dec 05 22:53:45 2016 +0000
committer: android-build-merger <android-build-merger@google.com> Mon Dec 05 22:53:45 2016 +0000
tree: eb94a98116f76e3341a9a581967717903c13aacb
parent: 1bc276100f18e5092b4bc270add5902c1de29356 [diff]
parent: bcc1f62715f8005684ac6b798d0d54224394e975 [diff]
diff --git a/jni/GifTranscoder.cpp b/jni/GifTranscoder.cpp
index 44fa30c..0d50770 100644
--- a/jni/GifTranscoder.cpp
+++ b/jni/GifTranscoder.cpp

@@ -274,6 +274,11 @@
                     // matches what libframesequence (Rastermill) does.
                     if (imageIndex == 0 && gifIn->SColorMap) {
                         if (gcb.TransparentColor == NO_TRANSPARENT_COLOR) {
+                            if (gifIn->SBackGroundColor < 0 ||
+                                gifIn->SBackGroundColor >= gifIn->SColorMap->ColorCount) {
+                                LOGE("SBackGroundColor overflow");
+                                return false;
+                            }
                             GifColorType bgColorIndex =
                                     gifIn->SColorMap->Colors[gifIn->SBackGroundColor];
                             bgColor = gifColorToColorARGB(bgColorIndex);
commit	5311a02e273453c7c445c89ee7abb680acdd4ef1	[log] [tgz]
author	Tom Taylor <tomtaylor@google.com>	Mon Dec 05 22:53:45 2016 +0000
committer	android-build-merger <android-build-merger@google.com>	Mon Dec 05 22:53:45 2016 +0000
tree	eb94a98116f76e3341a9a581967717903c13aacb
parent	1bc276100f18e5092b4bc270add5902c1de29356 [diff]
parent	bcc1f62715f8005684ac6b798d0d54224394e975 [diff]