32322450 Security Vulnerability - heap buffer overflow in libgiftranscode.so am: bcc1f62715 am: 5311a02e27 am: 954e81ed44 am: e215495b3b am: a044afd70d Change-Id: I1adf9711fa5e74f208693bc710e0060b04544b8d

commit: a1562e5ab6a4cd8a96d4fd9ae571d07d75b26179 [log] [tgz]
author: Tom Taylor <tomtaylor@google.com> Mon Dec 05 23:07:21 2016 +0000
committer: android-build-merger <android-build-merger@google.com> Mon Dec 05 23:07:21 2016 +0000
tree: 84c32fe0858e9355c3dea1cf1e37d37752ad5526
parent: 7ad7ac27f12be44659f2f0ff112a7f8433ebb1b5 [diff]
parent: a044afd70debd781b7c31b202fb0dfc51909f22b [diff]
diff --git a/jni/GifTranscoder.cpp b/jni/GifTranscoder.cpp
index 1f329f7..a7f5c74 100644
--- a/jni/GifTranscoder.cpp
+++ b/jni/GifTranscoder.cpp

@@ -274,6 +274,11 @@
                     // matches what libframesequence (Rastermill) does.
                     if (imageIndex == 0 && gifIn->SColorMap) {
                         if (gcb.TransparentColor == NO_TRANSPARENT_COLOR) {
+                            if (gifIn->SBackGroundColor < 0 ||
+                                gifIn->SBackGroundColor >= gifIn->SColorMap->ColorCount) {
+                                LOGE("SBackGroundColor overflow");
+                                return false;
+                            }
                             GifColorType bgColorIndex =
                                     gifIn->SColorMap->Colors[gifIn->SBackGroundColor];
                             bgColor = gifColorToColorARGB(bgColorIndex);
commit	a1562e5ab6a4cd8a96d4fd9ae571d07d75b26179	[log] [tgz]
author	Tom Taylor <tomtaylor@google.com>	Mon Dec 05 23:07:21 2016 +0000
committer	android-build-merger <android-build-merger@google.com>	Mon Dec 05 23:07:21 2016 +0000
tree	84c32fe0858e9355c3dea1cf1e37d37752ad5526
parent	7ad7ac27f12be44659f2f0ff112a7f8433ebb1b5 [diff]
parent	a044afd70debd781b7c31b202fb0dfc51909f22b [diff]