32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so am: bcc1f62715 am: 5311a02e27 am: 954e81ed44 am: e215495b3b Change-Id: I41014416971669f09f0d43b1a548dc56ba570e4e

commit: a044afd70debd781b7c31b202fb0dfc51909f22b [log] [tgz]
author: Tom Taylor <tomtaylor@google.com> Mon Dec 05 23:03:11 2016 +0000
committer: android-build-merger <android-build-merger@google.com> Mon Dec 05 23:03:11 2016 +0000
tree: 467a3350caccde3d8bfb51ce5f7e157c3530eaa3
parent: 9de3ed279b308ff6209db2f74539494d60e81271 [diff]
parent: e215495b3b818828066744446f22d224ba51febd [diff]
diff --git a/jni/GifTranscoder.cpp b/jni/GifTranscoder.cpp
index 1f329f7..a7f5c74 100644
--- a/jni/GifTranscoder.cpp
+++ b/jni/GifTranscoder.cpp

@@ -274,6 +274,11 @@
                     // matches what libframesequence (Rastermill) does.
                     if (imageIndex == 0 && gifIn->SColorMap) {
                         if (gcb.TransparentColor == NO_TRANSPARENT_COLOR) {
+                            if (gifIn->SBackGroundColor < 0 ||
+                                gifIn->SBackGroundColor >= gifIn->SColorMap->ColorCount) {
+                                LOGE("SBackGroundColor overflow");
+                                return false;
+                            }
                             GifColorType bgColorIndex =
                                     gifIn->SColorMap->Colors[gifIn->SBackGroundColor];
                             bgColor = gifColorToColorARGB(bgColorIndex);
commit	a044afd70debd781b7c31b202fb0dfc51909f22b	[log] [tgz]
author	Tom Taylor <tomtaylor@google.com>	Mon Dec 05 23:03:11 2016 +0000
committer	android-build-merger <android-build-merger@google.com>	Mon Dec 05 23:03:11 2016 +0000
tree	467a3350caccde3d8bfb51ce5f7e157c3530eaa3
parent	9de3ed279b308ff6209db2f74539494d60e81271 [diff]
parent	e215495b3b818828066744446f22d224ba51febd [diff]