Recent changes to patcheshttps://sourceforge.net/p/giflib/patches/Recent changes to patchesenMon, 06 Apr 2026 18:33:52 -0000Comprehensive integer overflow prevention and security hardeninghttps://sourceforge.net/p/giflib/patches/37/<div class="markdown_content"><h2 id="h-summary">Summary</h2> <p>This patch fixes 4 integer overflow vulnerabilities in giflib's core library and adds security testing infrastructure (sanitizer build targets + libFuzzer harness).</p> <hr/> <h2 id="h-bug-1-signed-integer-overflow-in-gifapplytranslation-gifallocc214">Bug 1: Signed integer overflow in <code>GifApplyTranslation</code> (<code>gifalloc.c:214</code>)</h2> <p><code>Height * Width</code> is computed as <code>int</code> (signed 32-bit). For images where the product exceeds <code>INT_MAX</code>, this is undefined behavior per C99 §6.5/5.</p> <p><strong>UBSan trace on unpatched giflib 6.1.2:</strong></p> <div class="codehilite"><pre><span></span><code><span class="nx">gifalloc</span><span class="p">.</span><span class="nx">c</span><span class="p">:</span><span class="mi">214</span><span class="p">:</span><span class="mi">15</span><span class="p">:</span><span class="w"> </span><span class="nx">runtime</span><span class="w"> </span><span class="nx">error</span><span class="p">:</span><span class="w"> </span><span class="nx">signed</span><span class="w"> </span><span class="nx">integer</span><span class="w"> </span><span class="nx">overflow</span><span class="p">:</span> <span class="mi">46341</span><span class="w"> </span><span class="o">*</span><span class="w"> </span><span class="mi">46341</span><span class="w"> </span><span class="nx">cannot</span><span class="w"> </span><span class="nx">be</span><span class="w"> </span><span class="nx">represented</span><span class="w"> </span><span class="k">in</span><span class="w"> </span><span class="k">type</span><span class="w"> </span><span class="err">'</span><span class="nx">int</span><span class="err">'</span> </code></pre></div> <p>The loop bound <code>RasterSize</code> gets an unpredictable value due to UB, corrupting pixel translation. Fixed by using <code>size_t</code> with a new <code>GifSafeMult()</code> overflow-checked multiplication helper.</p> <hr/> <h2 id="h-bug-2-heap-buffer-overflow-in-gifmakesavedimage-gifallocc372-384">Bug 2: Heap buffer overflow in <code>GifMakeSavedImage</code> (<code>gifalloc.c:372-384</code>)</h2> <p>Two independent overflow sites in the same function:</p> <ol> <li> <p><code>reallocarray(NULL, (Height * Width), sizeof(GifPixelType))</code> — the <code>Height * Width</code> multiplication happens in <code>int</code> arithmetic before being passed to <code>reallocarray</code>, defeating its overflow protection entirely. The overflowed <code>int</code> is implicitly converted to <code>size_t</code>, producing a wrong allocation size.</p> </li> <li> <p><code>memcpy(dst, src, sizeof(GifPixelType) * Height * Width)</code> — computes the copy size independently, also in <code>int</code> arithmetic. The <code>memcpy</code> size does not match the allocation size — on overflow, <code>memcpy</code> writes past the allocated buffer → heap buffer overflow.</p> </li> </ol> <p>Fixed by computing the size once with <code>GifSafeMult()</code> and using it for both allocation and copy. On overflow, the function returns <code>NULL</code> instead of allocating a wrong-sized buffer.</p> <hr/> <h2 id="h-bug-3-pixelcount-overflow-on-32-bit-systems-dgif_libc418-egif_libc451">Bug 3: <code>PixelCount</code> overflow on 32-bit systems (<code>dgif_lib.c:418</code>, <code>egif_lib.c:451</code>)</h2> <p><code>(long)Width * (long)Height</code> overflows signed <code>long</code> on 32-bit platforms where <code>long</code> is 32 bits. For example: 65535 × 65535 = 4,294,836,225 &gt; <code>LONG_MAX</code> (2,147,483,647) on 32-bit.</p> <p><code>PixelCount</code> gets a wrong value, causing the decoder/encoder to process the wrong number of pixels. Fixed by casting to <code>size_t</code> and changing the <code>PixelCount</code> field type from <code>unsigned long</code> to <code>size_t</code>.</p> <blockquote> <p><strong>Note:</strong> <code>PixelCount</code> is in <code>GifFilePrivateType</code> (private header <code>gif_lib_private.h</code>), not the public API. Users access it through <code>void *Private</code> in <code>GifFileType</code>. This is <strong>not</strong> an ABI break.</p> </blockquote> <hr/> <h2 id="h-bug-4-unsafe-allocation-in-quantizec">Bug 4: Unsafe allocation in <code>quantize.c</code></h2> <p><code>malloc(sizeof(QuantizedColorType *) * NumEntries)</code> replaced with <code>reallocarray(NULL, NumEntries, sizeof(QuantizedColorType *))</code> for consistent overflow-safe allocation.</p> <hr/> <h2 id="h-security-infrastructure-added">Security Infrastructure Added</h2> <ul> <li><code>GifSafeMult()</code> — overflow-checked <code>size_t</code> multiplication helper in <code>gif_lib_private.h</code></li> <li>Sanitizer Makefile targets: <code>make check-asan</code>, <code>make check-ubsan</code>, <code>make check-sanitizers</code></li> <li>libFuzzer harness: <code>fuzz/gif_fuzz_dgif.c</code> for the <code>DGifSlurp</code> decode path</li> </ul> <hr/> <h2 id="h-testing">Testing</h2> <ul> <li>All 51 existing tests pass (normal build)</li> <li>All 51 tests pass under UBSan — zero undefined behavior errors</li> <li>All 51 tests pass under ASan — zero memory errors</li> <li>Fuzz harness runs clean at ~5000 exec/s with 165 edge coverage</li> </ul> <hr/> <h2 id="h-files-changed">Files Changed</h2> <div class="codehilite"><pre><span></span><code><span class="nf">Makefile</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">18</span><span class="w"> </span><span class="no">changes</span> <span class="nf">dgif_lib.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">4</span><span class="w"> </span><span class="no">changes</span> <span class="nf">egif_lib.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="no">changes</span> <span class="nf">gif_lib_private.h</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">15</span><span class="w"> </span><span class="no">changes</span> <span class="nf">gifalloc.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">41</span><span class="w"> </span><span class="no">changes</span> <span class="nf">quantize.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">6</span><span class="w"> </span><span class="no">changes</span> <span class="nf">fuzz</span><span class="err">/</span><span class="no">gif_fuzz_dgif.c</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">63</span><span class="w"> </span><span class="no">lines</span><span class="w"> </span><span class="p">(</span><span class="no">new</span><span class="w"> </span><span class="no">file</span><span class="p">)</span> <span class="na">.gitignore</span><span class="w"> </span><span class="err">|</span><span class="w"> </span><span class="mi">2</span><span class="w"> </span><span class="no">lines</span><span class="w"> </span><span class="p">(</span><span class="no">new</span><span class="w"> </span><span class="no">file</span><span class="p">)</span> </code></pre></div> <p>Patch attached. Apply with:</p> <div class="codehilite"><pre><span></span><code>git<span class="w"> </span>am<span class="w"> </span>giflib-security-hardening.patch </code></pre></div> </div>Mohammad SeetMon, 06 Apr 2026 18:33:52 -0000https://sourceforge.net54f854f6b790217d0cf04b2457e2272867119b40Fix signed integer overflow and memory leak in gifbuild.chttps://sourceforge.net/p/giflib/patches/36/<div class="markdown_content"><p>gifbuild.c currently accepts signed integer for Image dimensions, thus negative integers as a result cause a buffer overflow when they are cast to <code>size_t</code>. To prevent this, an integer check is implemented before malloc that checks if dimensions go into negative and if that is the case, the code immediately stops and cleans up any leftover data to prevent data leaks.</p> <p>Fixes Bug #186</p></div>Jeffin PhilipWed, 18 Feb 2026 12:33:09 -0000https://sourceforge.net25918e07ca8709358139719869895107c22a674cPatch buffer overrun revealed by FORTIFY_SOURCEhttps://sourceforge.net/p/giflib/patches/34/<div class="markdown_content"><p>During a build of <code>giflib</code>, the below issue was reported at build time. Attached patch should fix the issue based on compiler hints.</p> <p>giflib: Patch buffer overrun revealed by FORTIFY_SOURCE</p> <div class="codehilite"><pre><span></span><code><span class="gd">--- a/giftext.c 2025-01-09 20:54:01.061791223 +0000</span> <span class="gi">+++ b/giftext.c 2025-01-09 21:04:39.525735979 +0000</span> <span class="gu">@@ -418,7 +418,7 @@</span> <span class="w"> </span>static void PrintExtBlock(GifByteType *Extension, bool Reset) { <span class="w"> </span> static int CrntPlace = 0; <span class="w"> </span> static long ExtCount = 0; <span class="gd">- static char HexForm[49], AsciiForm[17];</span> <span class="gi">+ static char HexForm[49], AsciiForm[18];</span> <span class="w"> </span> if (Reset || Extension == NULL) { <span class="w"> </span> if (Extension == NULL) { <span class="gu">@@ -464,7 +464,7 @@</span> <span class="w"> </span>static void PrintPixelBlock(GifByteType *PixelBlock, int Len, bool Reset) { <span class="w"> </span> static int CrntPlace = 0; <span class="w"> </span> static long ExtCount = 0; <span class="gd">- static char HexForm[49], AsciiForm[17];</span> <span class="gi">+ static char HexForm[49], AsciiForm[18];</span> <span class="w"> </span> int i; <span class="w"> </span> if (Reset || PixelBlock == NULL) { </code></pre></div> </div>Ritesh Raj SarrafWed, 21 May 2025 13:27:08 -0000https://sourceforge.net18ea2e7d78f615ffe6027ec40efcd11f326cc339#33 Race-Condition on Installhttps://sourceforge.net/p/giflib/patches/33/?limit=25#4934<div class="markdown_content"><p>Prio is not 1 but very low. I failed to set it correctly.</p></div>Sebastian KoernerWed, 29 May 2024 08:56:14 -0000https://sourceforge.netfafae69f258832a2665c902c760d8dd81bb0a60eRace-Condition on Installhttps://sourceforge.net/p/giflib/patches/33/<div class="markdown_content"><p>Running make install with -j &gt;1 might cause a race-condition:</p> <div class="codehilite"><pre><span></span><code><span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="s2">"&lt;path&gt;/giflib-build/giflib-5.2.2-install/bin"</span> <span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="s2">"&lt;path&gt;/giflib-build/giflib-5.2.2-install/include"</span> <span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">d</span><span class="w"> </span><span class="s2">"&lt;path&gt;/giflib-build/giflib-5.2.2-install/lib"</span> <span class="n">install</span><span class="p">:</span><span class="w"> </span><span class="n">install</span><span class="w"> </span><span class="o">-</span><span class="n">m</span><span class="w"> </span><span class="mi">644</span><span class="w"> </span><span class="n">gif_lib</span><span class="o">.</span><span class="n">h</span><span class="w"> </span><span class="s2">"&lt;path&gt;/giflib-build/giflib-5.2.2-install/include"</span> <span class="n">mkdir</span><span class="w"> </span><span class="o">&lt;</span><span class="n">path</span><span class="o">&gt;/</span><span class="n">giflib</span><span class="o">-</span><span class="n">build</span><span class="o">/</span><span class="n">giflib</span><span class="o">-</span><span class="mf">5.2</span><span class="o">.</span><span class="mi">2</span><span class="o">-</span><span class="n">install</span><span class="p">:</span><span class="w"> </span><span class="n">File</span><span class="w"> </span><span class="n">exists</span> <span class="n">install</span><span class="w"> </span><span class="n">gif2rgb</span><span class="w"> </span><span class="n">gifbuild</span><span class="w"> </span><span class="n">giffix</span><span class="w"> </span><span class="n">giftext</span><span class="w"> </span><span class="n">giftool</span><span class="w"> </span><span class="n">gifclrmp</span><span class="w"> </span><span class="s2">"&lt;path&gt;/giflib-build/giflib-5.2.2-install/bin"</span> <span class="n">make</span><span class="p">[</span><span class="mi">1</span><span class="p">]:</span><span class="w"> </span><span class="o">***</span><span class="w"> </span><span class="p">[</span><span class="n">install</span><span class="o">-</span><span class="n">lib</span><span class="p">]</span><span class="w"> </span><span class="n">Error</span><span class="w"> </span><span class="mi">71</span> <span class="n">make</span><span class="p">[</span><span class="mi">1</span><span class="p">]:</span><span class="w"> </span><span class="o">***</span><span class="w"> </span><span class="n">Waiting</span><span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="n">unfinished</span><span class="w"> </span><span class="n">jobs</span><span class="o">....</span> </code></pre></div> <p>Simplest patch</p> <div class="codehilite"><pre><span></span><code><span class="gd">--- giflib-5.2.2/Makefile.org</span> <span class="gi">+++ giflib-5.2.2/Makefile</span> <span class="gu">@@ -129,6 +129,8 @@</span> <span class="w"> </span># Installation/uninstallation <span class="gi">+</span> <span class="gi">+.NOTPARALLEL: install-bin install-include install-lib install-man</span> <span class="w"> </span>ifeq ($(UNAME), Darwin) <span class="w"> </span>install: all install-bin install-include install-lib <span class="w"> </span>else </code></pre></div> </div>Sebastian KoernerWed, 29 May 2024 08:55:03 -0000https://sourceforge.neta7dacfcf7edc46f8aef781544a5b01613eb66d49#31 Wrong position of gif version markhttps://sourceforge.net/p/giflib/patches/31/?limit=25#af8b<div class="markdown_content"><ul> <li><strong>status</strong>: open --&gt; closed</li> </ul></div>Eric S. RaymondSun, 18 Feb 2024 19:07:38 -0000https://sourceforge.net2af31041eb01fab3a4d4c6ca7f8c24163932b0ff#31 Wrong position of gif version markhttps://sourceforge.net/p/giflib/patches/31/?limit=25#1211<div class="markdown_content"><p>Applied, thanks.</p></div>Eric S. RaymondSun, 18 Feb 2024 19:07:25 -0000https://sourceforge.netbcc94014b6d051c10b3962bfb6fc2ce8d40e843f#32 Fix of spoilt image counterhttps://sourceforge.net/p/giflib/patches/32/?limit=25#b90c<div class="markdown_content"><ul> <li><strong>status</strong>: open --&gt; closed</li> </ul></div>Eric S. RaymondSun, 18 Feb 2024 13:25:04 -0000https://sourceforge.neta7c680e88d169ce5f0ea9ccef678991c94e41ada#32 Fix of spoilt image counterhttps://sourceforge.net/p/giflib/patches/32/?limit=25#17b4<div class="markdown_content"><p>Applied, thanks.</p></div>Eric S. RaymondSun, 18 Feb 2024 13:24:50 -0000https://sourceforge.net186382af292a0fb8f03b8e8705ba42cefcb8ca1d#32 Fix of spoilt image counterhttps://sourceforge.net/p/giflib/patches/32/?limit=25#e2d0<div class="markdown_content"><p>Better use this</p></div>Kobrin EliWed, 04 Oct 2023 10:14:26 -0000https://sourceforge.neta5de3a766bf9bc4809c3d6a8ae42e0db42d75c90