[Webkit-unassigned] [Bug 15778] New: Public GIF image decoder can corrupt memory on malformed GIFs

bugzilla-daemon at webkit.org
Wed Oct 31 14:16:06 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=15778

           Summary: Public GIF image decoder can corrupt memory on malformed GIFs
           Product: WebKit
           Version: 523.x+ (nightly)
          Platform: PC
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Images
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: zerodpx at gmail.com


This bug report is about the code in WebCore/platform/image-decoders/gif, so it
affects the Qt/Cairo versions of WebCore, but not Safari (which uses its own
decoders).

When a malformed GIF specifies a frame (after the first) that is larger than
the overall image, the GIF decoder does not properly check to avoid writing
past the end of the memory buffer, and corrupts memory.

Patch coming shortly.
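The bounds check the report describes as missing, as an added illustration that is not the reporter's patch or WebCore's code: the frame rectangle from a GIF Image Descriptor is validated against the Logical Screen Descriptor before any row is written, using 32-bit arithmetic so a 16-bit left+width cannot wrap. The sample GIF header bytes are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Logical screen size from the GIF header (GIF integers are little-endian). */
typedef struct { uint16_t width, height; } gif_screen;
/* One frame's placement rectangle, read from its Image Descriptor block. */
typedef struct { uint16_t left, top, width, height; } gif_frame;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Parse the 6-byte signature plus 7-byte Logical Screen Descriptor. */
bool gif_parse_screen(const uint8_t *buf, size_t len, gif_screen *out) {
    if (len < 13 || memcmp(buf, "GIF", 3) != 0) return false;
    out->width  = rd16(buf + 6);
    out->height = rd16(buf + 8);
    return true;
}

/* Parse a 10-byte Image Descriptor starting at its 0x2C introducer. */
bool gif_parse_frame(const uint8_t *desc, size_t len, gif_frame *out) {
    if (len < 10 || desc[0] != 0x2C) return false;
    out->left  = rd16(desc + 1); out->top    = rd16(desc + 3);
    out->width = rd16(desc + 5); out->height = rd16(desc + 7);
    return true;
}

/* Reject a frame that does not lie inside the logical screen: writing its rows
 * into a buffer sized for the screen would run past the end of that buffer.
 * Clipping the rectangle to the screen is the other safe option. */
bool gif_frame_fits(const gif_screen *s, const gif_frame *f) {
    if (f->width == 0 || f->height == 0) return false;
    return (uint32_t)f->left + f->width  <= s->width &&
           (uint32_t)f->top  + f->height <= s->height;
}

/* Validate a header followed directly by one Image Descriptor (23 bytes). */
bool gif_blob_frame_fits(const uint8_t *blob, size_t len) {
    gif_screen s; gif_frame f;
    if (!gif_parse_screen(blob, len, &s)) return false;
    if (!gif_parse_frame(blob + 13, len - 13, &f)) return false;
    return gif_frame_fits(&s, &f);
}

/* Constructed samples: a 10x10 screen with a 4x4 frame at (2,2), the same screen
 * with a 4x4 frame at (8,8) that overruns it, and a frame whose left+width wraps. */
static const uint8_t kGoodGif[23] = { 'G','I','F','8','9','a', 10,0, 10,0, 0,0,0,
                                      0x2C, 2,0, 2,0, 4,0, 4,0, 0 };
static const uint8_t kOverrunGif[23] = { 'G','I','F','8','9','a', 10,0, 10,0, 0,0,0,
                                         0x2C, 8,0, 8,0, 4,0, 4,0, 0 };
static const uint8_t kWrapGif[23] = { 'G','I','F','8','9','a', 10,0, 10,0, 0,0,0,
                                      0x2C, 0xFF,0xFF, 0,0, 2,0, 1,0, 0 };
```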

