32764144 Security Vulnerability - heap buffer overflow in libgiftranscode.so in colorMap->Colors[colorIndex]
am: 6f763fef7a
Change-Id: Ia34564714e00734976099b95594b6ea6501894b9
diff --git a/jni/GifTranscoder.cpp b/jni/GifTranscoder.cpp
index 81f3f75..0e83982 100644
--- a/jni/GifTranscoder.cpp
+++ b/jni/GifTranscoder.cpp
@@ -384,6 +384,11 @@
for (int y = 0; y < gifIn->Image.Height; y++) {
for (int x = 0; x < gifIn->Image.Width; x++) {
GifByteType colorIndex = *getPixel(rasterBits, gifIn->Image.Width, x, y);
+ if (colorIndex >= colorMap->ColorCount) {
+ LOGE("Color Index %d is out of bounds (count=%d)", colorIndex,
+ colorMap->ColorCount);
+ return false;
+ }
// This image may be smaller than the GIF's "logical screen"
int renderX = x + gifIn->Image.Left;
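Review bot: The new guard bounds only the palette read, while the render coordinate computed just below it, `int renderX = x + gifIn->Image.Left;`, is built from file-controlled image-descriptor fields in the same way. The hunk does not show that value being checked before use, and the loop body continues outside the hunk. If nothing earlier in the function validates the frame rectangle against the logical screen, a check such as `if (gifIn->Image.Left < 0 || gifIn->Image.Left + gifIn->Image.Width > gifIn->SWidth) return false;` (and the same for Top/Height) before the loops would close that path. The added check also dereferences `colorMap->ColorCount`, so it is worth confirming that the code selecting `colorMap` (outside this hunk) rejects a GIF with neither a local nor a global color map. A short comment above the guard would help future readers, for example `// colorIndex comes from the decoded raster of an untrusted file and may exceed the active palette`.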