Recent changes to patcheshttps://sourceforge.net/p/giflib/patches/2026-04-06T18:33:52.950000ZRecent changes to patchesComprehensive integer overflow prevention and security hardening2026-04-06T18:33:52.950000Z2026-04-06T18:33:52.950000ZMohammad Seethttps://sourceforge.net/u/mohammadseet/https://sourceforge.net54f854f6b790217d0cf04b2457e2272867119b40<div class="markdown_content"><h2 id="h-summary">Summary</h2>
<p>This patch fixes 4 integer overflow vulnerabilities in giflib's core library and adds security testing infrastructure (sanitizer build targets + libFuzzer harness).</p>
<hr/>
<h2 id="h-bug-1-signed-integer-overflow-in-gifapplytranslation-gifallocc214">Bug 1: Signed integer overflow in <code>GifApplyTranslation</code> (<code>gifalloc.c:214</code>)</h2>
<p><code>Height * Width</code> is computed as <code>int</code> (signed 32-bit). For images where the product exceeds <code>INT_MAX</code>, this is undefined behavior per C99 §6.5/5.</p>
<p><strong>UBSan trace on unpatched giflib 6.1.2:</strong></p>
<div class="codehilite"><pre><span></span><code><span class="nx">gifalloc</span><span class="p">.</span><span class="nx">c</span><span class="p">:</span><span class="mi">214</span><span class="p">:</span><span class="mi">15</span><span class="p">:</span><span class="w"> </span><span class="nx">runtime</span><span class="w"> </span><span class="nx">error</span><span class="p">:</span><span class="w"> </span><span class="nx">signed</span><span class="w"> </span><span class="nx">integer</span><span class="w"> </span><span class="nx">overflow</span><span class="p">:</span>
<span class="mi">46341</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">46341</span><span class="w"> </span><span class="nx">cannot</span><span class="w"> </span><span class="nx">be</span><span class="w"> </span><span class="nx">represented</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="k">type</span><span class="w"> </span><span class="err">'</span><span class="nx">int</span><span class="err">'</span>
</code></pre></div>
<p>The loop bound <code>RasterSize</code> gets an unpredictable value due to UB, corrupting pixel translation. Fixed by using <code>size_t</code> with a new <code>GifSafeMult()</code> overflow-checked multiplication helper.</p>
<hr/>
<h2 id="h-bug-2-heap-buffer-overflow-in-gifmakesavedimage-gifallocc372-384">Bug 2: Heap buffer overflow in <code>GifMakeSavedImage</code> (<code>gifalloc.c:372-384</code>)</h2>
<p>Two independent overflow sites in the same function:</p>
<ol>
<li>
<p><code>reallocarray(NULL, (Height * Width), sizeof(GifPixelType))</code> — the <code>Height * Width</code> multiplication happens in <code>int</code> arithmetic before being passed to <code>reallocarray</code>, defeating its overflow protection entirely. The overflowed <code>int</code> is implicitly converted to <code>size_t</code>, producing a wrong allocation size.</p>
</li>
<li>
<p><code>memcpy(dst, src, sizeof(GifPixelType) * Height * Width)</code> — computes the copy size independently, also in <code>int</code> arithmetic. The <code>memcpy</code> size does not match the allocation size — on overflow, <code>memcpy</code> writes past the allocated buffer → heap buffer overflow.</p>
</li>
</ol>
<p>Fixed by computing the size once with <code>GifSafeMult()</code> and using it for both allocation and copy. On overflow, the function returns <code>NULL</code> instead of allocating a wrong-sized buffer.</p>
<hr/>
<h2 id="h-bug-3-pixelcount-overflow-on-32-bit-systems-dgif_libc418-egif_libc451">Bug 3: <code>PixelCount</code> overflow on 32-bit systems (<code>dgif_lib.c:418</code>, <code>egif_lib.c:451</code>)</h2>
<p><code>(long)Width * (long)Height</code> overflows signed <code>long</code> on 32-bit platforms where <code>long</code> is 32 bits. For example: 65535 × 65535 = 4,294,836,225 > <code>LONG_MAX</code> (2,147,483,647) on 32-bit.</p>
<p><code>PixelCount</code> gets a wrong value, causing the decoder/encoder to process the wrong number of pixels. Fixed by casting to <code>size_t</code> and changing the <code>PixelCount</code> field type from <code>unsigned long</code> to <code>size_t</code>.</p>
<blockquote>
<p><strong>Note:</strong> <code>PixelCount</code> is in <code>GifFilePrivateType</code> (private header <code>gif_lib_private.h</code>), not the public API. Users access it through <code>void *Private</code> in <code>GifFileType</code>. This is <strong>not</strong> an ABI break.</p>
</blockquote>
<hr/>
<h2 id="h-bug-4-unsafe-allocation-in-quantizec">Bug 4: Unsafe allocation in <code>quantize.c</code></h2>
<p><code>malloc(sizeof(QuantizedColorType *) * NumEntries)</code> replaced with <code>reallocarray(NULL, NumEntries, sizeof(QuantizedColorType *))</code> for consistent overflow-safe allocation.</p>
<hr/>
<h2 id="h-security-infrastructure-added">Security Infrastructure Added</h2>
<ul>
<li><code>GifSafeMult()</code> — overflow-checked <code>size_t</code> multiplication helper in <code>gif_lib_private.h</code></li>
<li>Sanitizer Makefile targets: <code>make check-asan</code>, <code>make check-ubsan</code>, <code>make check-sanitizers</code></li>
<li>libFuzzer harness: <code>fuzz/gif_fuzz_dgif.c</code> for the <code>DGifSlurp</code> decode path</li>
</ul>
<hr/>
<h2 id="h-testing">Testing</h2>
<ul>
<li>All 51 existing tests pass (normal build)</li>
<li>All 51 tests pass under UBSan — zero undefined behavior errors</li>
<li>All 51 tests pass under ASan — zero memory errors</li>
<li>Fuzz harness runs clean at ~5000 exec/s with 165 edge coverage</li>
</ul>
<hr/>
<h2 id="h-files-changed">Files Changed</h2>
<div class="codehilite"><pre><span></span><code><span class="nf">Makefile</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">18</span><span class="w"> </span><span class="no">changes</span>
<span class="nf">dgif_lib.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="no">changes</span>
<span class="nf">egif_lib.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="no">changes</span>
<span class="nf">gif_lib_private.h</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">15</span><span class="w"> </span><span class="no">changes</span>
<span class="nf">gifalloc.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">41</span><span class="w"> </span><span class="no">changes</span>
<span class="nf">quantize.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">6</span><span class="w"> </span><span class="no">changes</span>
<span class="nf">fuzz</span><span class="err">/</span><span class="no">gif_fuzz_dgif.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="no">lines</span><span class="w"> </span><span class="p">(</span><span class="no">new</span><span class="w"> </span><span class="no">file</span><span class="p">)</span>
<span class="na">.gitignore</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="no">lines</span><span class="w"> </span><span class="p">(</span><span class="no">new</span><span class="w"> </span><span class="no">file</span><span class="p">)</span>
</code></pre></div>
<p>Patch attached. Apply with:</p>
<div class="codehilite"><pre><span></span><code>git<span class="w"> </span>am<span class="w"> </span>giflib-security-hardening.patch
</code></pre></div>
</div>Fix signed integer overflow and memory leak in gifbuild.c2026-02-18T12:33:09.130000Z2026-02-18T12:33:09.130000ZJeffin Philiphttps://sourceforge.net/u/d3f4ult/https://sourceforge.net25918e07ca8709358139719869895107c22a674c<div class="markdown_content"><p>gifbuild.c currently accepts signed integer for Image dimensions, thus negative integers as a result cause a buffer overflow when they are cast to <code>size_t</code>. To prevent this, an integer check is implemented before malloc that checks if dimensions go into negative and if that is the case, the code immediately stops and cleans up any leftover data to prevent data leaks.</p>
<p>Fixes Bug #186</p></div>Patch buffer overrun revealed by FORTIFY_SOURCE2025-05-21T13:27:08.288000Z2025-05-21T13:27:08.288000ZRitesh Raj Sarrafhttps://sourceforge.net/u/riteshsarraf/https://sourceforge.net18ea2e7d78f615ffe6027ec40efcd11f326cc339<div class="markdown_content"><p>During a build of <code>giflib</code>, the below issue was reported at build time. Attached patch should fix the issue based on compiler hints.</p>
<p>giflib: Patch buffer overrun revealed by FORTIFY_SOURCE</p>
<div class="codehilite"><pre><span></span><code><span class="gd">--- a/giftext.c 2025-01-09 20:54:01.061791223 +0000</span>
<span class="gi">+++ b/giftext.c 2025-01-09 21:04:39.525735979 +0000</span>
<span class="gu">@@ -418,7 +418,7 @@</span>
<span class="w"> </span>static void PrintExtBlock(GifByteType *Extension, bool Reset) {
<span class="w"> </span> static int CrntPlace = 0;
<span class="w"> </span> static long ExtCount = 0;
<span class="gd">- static char HexForm[49], AsciiForm[17];</span>
<span class="gi">+ static char HexForm[49], AsciiForm[18];</span>
<span class="w"> </span> if (Reset || Extension == NULL) {
<span class="w"> </span> if (Extension == NULL) {
<span class="gu">@@ -464,7 +464,7 @@</span>
<span class="w"> </span>static void PrintPixelBlock(GifByteType *PixelBlock, int Len, bool Reset) {
<span class="w"> </span> static int CrntPlace = 0;
<span class="w"> </span> static long ExtCount = 0;
<span class="gd">- static char HexForm[49], AsciiForm[17];</span>
<span class="gi">+ static char HexForm[49], AsciiForm[18];</span>
<span class="w"> </span> int i;
<span class="w"> </span> if (Reset || PixelBlock == NULL) {
</code></pre></div>
</div>#33 Race-Condition on Install2024-05-29T08:56:14.938000Z2024-05-29T08:56:14.938000ZSebastian Koernerhttps://sourceforge.net/u/sebastiankoerne/https://sourceforge.netfafae69f258832a2665c902c760d8dd81bb0a60e<div class="markdown_content"><p>Prio is not 1 but very low. I failed to set it correctly.</p></div>Race-Condition on Install2024-05-29T08:55:03.052000Z2024-05-29T08:55:03.052000ZSebastian Koernerhttps://sourceforge.net/u/sebastiankoerne/https://sourceforge.neta7dacfcf7edc46f8aef781544a5b01613eb66d49<div class="markdown_content"><p>Running make install with -j >1 might cause a race-condition:</p>
<div class="codehilite"><pre><span></span><code><span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="s2">"<path>/giflib-build/giflib-5.2.2-install/bin"</span>
<span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="s2">"<path>/giflib-build/giflib-5.2.2-install/include"</span>
<span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="s2">"<path>/giflib-build/giflib-5.2.2-install/lib"</span>
<span class="n">install</span><span class="p">:</span><span class="w"> </span><span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="mi">644</span><span class="w"> </span><span class="n">gif_lib</span><span class="o">.</span><span class="n">h</span><span class="w"> </span><span class="s2">"<path>/giflib-build/giflib-5.2.2-install/include"</span>
<span class="n">mkdir</span><span class="w"> </span><span class="o"><</span><span class="n">path</span><span class="o">>/</span><span class="n">giflib</span><span class="o">-</span><span class="n">build</span><span class="o">/</span><span class="n">giflib</span><span class="o">-</span><span class="mf">5.2</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="n">install</span><span class="p">:</span><span class="w"> </span><span class="n">File</span><span class="w"> </span><span class="n">exists</span>
<span class="n">install</span><span class="w"> </span><span class="n">gif2rgb</span><span class="w"> </span><span class="n">gifbuild</span><span class="w"> </span><span class="n">giffix</span><span class="w"> </span><span class="n">giftext</span><span class="w"> </span><span class="n">giftool</span><span class="w"> </span><span class="n">gifclrmp</span><span class="w"> </span><span class="s2">"<path>/giflib-build/giflib-5.2.2-install/bin"</span>
<span class="n">make</span><span class="p">[</span><span class="mi">1</span><span class="p">]:</span><span class="w"> </span><span class="o">***</span><span class="w"> </span><span class="p">[</span><span class="n">install</span><span class="o">-</span><span class="n">lib</span><span class="p">]</span><span class="w"> </span><span class="n">Error</span><span class="w"> </span><span class="mi">71</span>
<span class="n">make</span><span class="p">[</span><span class="mi">1</span><span class="p">]:</span><span class="w"> </span><span class="o">***</span><span class="w"> </span><span class="n">Waiting</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">unfinished</span><span class="w"> </span><span class="n">jobs</span><span class="o">....</span>
</code></pre></div>
<p>Simplest patch</p>
<div class="codehilite"><pre><span></span><code><span class="gd">--- giflib-5.2.2/Makefile.org</span>
<span class="gi">+++ giflib-5.2.2/Makefile</span>
<span class="gu">@@ -129,6 +129,8 @@</span>
<span class="w"> </span># Installation/uninstallation
<span class="gi">+</span>
<span class="gi">+.NOTPARALLEL: install-bin install-include install-lib install-man</span>
<span class="w"> </span>ifeq ($(UNAME), Darwin)
<span class="w"> </span>install: all install-bin install-include install-lib
<span class="w"> </span>else
</code></pre></div>
</div>#31 Wrong position of gif version mark2024-02-18T19:07:38.810000Z2024-02-18T19:07:38.810000ZEric S. Raymondhttps://sourceforge.net/u/esr/https://sourceforge.net2af31041eb01fab3a4d4c6ca7f8c24163932b0ff<div class="markdown_content"><ul>
<li><strong>status</strong>: open --> closed</li>
</ul></div>#31 Wrong position of gif version mark2024-02-18T19:07:25.827000Z2024-02-18T19:07:25.827000ZEric S. Raymondhttps://sourceforge.net/u/esr/https://sourceforge.netbcc94014b6d051c10b3962bfb6fc2ce8d40e843f<div class="markdown_content"><p>Applied, thanks.</p></div>#32 Fix of spoilt image counter2024-02-18T13:25:04.745000Z2024-02-18T13:25:04.745000ZEric S. Raymondhttps://sourceforge.net/u/esr/https://sourceforge.neta7c680e88d169ce5f0ea9ccef678991c94e41ada<div class="markdown_content"><ul>
<li><strong>status</strong>: open --> closed</li>
</ul></div>#32 Fix of spoilt image counter2024-02-18T13:24:50.538000Z2024-02-18T13:24:50.538000ZEric S. Raymondhttps://sourceforge.net/u/esr/https://sourceforge.net186382af292a0fb8f03b8e8705ba42cefcb8ca1d<div class="markdown_content"><p>Applied, thanks.</p></div>#32 Fix of spoilt image counter2023-10-04T10:14:26.260000Z2023-10-04T10:14:26.260000ZKobrin Elihttps://sourceforge.net/u/kobrineli/https://sourceforge.neta5de3a766bf9bc4809c3d6a8ae42e0db42d75c90<div class="markdown_content"><p>Better use this</p></div>