graphics/giflib: Add patch to fix regression

There is a regression with the 5.1.2 update to giflib. This affects the ability for applications to render gif images usually ocurring after the first gif image is rendered. Upstream has been notified but has not yet provided feedback. giflib 5.1.2 was a security fix, so reverting is not reasonable. "The removed check look redundant - I couldn't find a code path where Private->RunningBits would exceed that limit after initialization. (Currently Private->RunningBits is checked before it is initialized)." PR: 207849 Submitted by: Stefan Ehmann <shoesoft@gmx.net> Approved by: ports-secteam (with hat) MFH: 2016Q1
svn path=/head/; revision=410712
2024-12-04 01:48:54 +00:00 · 2016-03-09 17:13:49 +00:00 · 2016-03-09 17:13:49 +00:00 · 0de3f2636e · 2021-03-31 03:12:20 +00:00
commit 0de3f2636e
parent e1e600db5d
2 changed files with 12 additions and 1 deletions
--- a/graphics/giflib/Makefile
+++ b/graphics/giflib/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	giflib
 PORTVERSION=	5.1.2
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	graphics
 MASTER_SITES=	SF/${PORTNAME}

--- a/graphics/giflib/files/patch-lib_dgif__lib.c
+++ b/graphics/giflib/files/patch-lib_dgif__lib.c
@ -0,0 +1,11 @@
+--- lib/dgif_lib.c.orig	2016-03-06 10:52:49.090426000 +0100
+++ lib/dgif_lib.c	2016-03-06 10:53:00.938584000 +0100
+@@ -764,7 +764,7 @@
+     BitsPerPixel = CodeSize;
+ 
+     /* this can only happen on a severely malformed GIF */
+-    if (BitsPerPixel > 8 || Private->RunningBits > 32) {
+    if (BitsPerPixel > 8) {
+ 	GifFile->Error = D_GIF_ERR_READ_FAILED;	/* somewhat bogus error code */
+ 	return GIF_ERROR;    /* Failed to read Code size. */
+     }