gif: ensure we have enough buffer

The block size field in the graphic control extension block should always have the value 4, but don't trust it.
author: corvid <corvid@lavabit.com> 2012-10-08 20:04:58 +0000
committer: corvid <corvid@lavabit.com> 2012-10-08 20:04:58 +0000
commit: 09cecfdf47ed10b49178d7bde77d12864d810262 (patch)
tree: 22333bb1ac2b17c529558cce6e310ae78371f2c5 /src
parent: 5607947f2c3ea9bb8f764c944093b8bf278a4a33 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/gif.c b/src/gif.c
index 054fffee..61407982 100644
--- a/src/gif.c
+++ b/src/gif.c
@@ -312,7 +312,7 @@ static inline size_t
    size_t Size = Buf[0] + 2;
    uint_t Flags;
 
-   if (Size > BSize)
+   if (BSize < 6 || Size > BSize)
       return 0;
    Buf++;
    Flags = Buf[0];
author	corvid <corvid@lavabit.com>	2012-10-08 20:04:58 +0000
committer	corvid <corvid@lavabit.com>	2012-10-08 20:04:58 +0000
commit	09cecfdf47ed10b49178d7bde77d12864d810262 (patch)
tree	22333bb1ac2b17c529558cce6e310ae78371f2c5 /src
parent	5607947f2c3ea9bb8f764c944093b8bf278a4a33 (diff)