From 7ef531b7b9224f4cfd2353d0d9f6ad47ac3e45e4 Mon Sep 17 00:00:00 2001
From: duyiwei <duyiwei@kylinos.cn>
Date: Thu, 16 Jun 2022 10:35:12 +0800
Subject: [PATCH] fix CVE-2022-28506

---
 CVE-2022-28506.patch | 31 +++++++++++++++++++++++++++++++
 giflib.spec          |  6 +++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2022-28506.patch

diff --git a/CVE-2022-28506.patch b/CVE-2022-28506.patch
new file mode 100644
index 0000000..1905969
--- /dev/null
+++ b/CVE-2022-28506.patch
@@ -0,0 +1,31 @@
+From c80f2b9f12a9ed0df7a629c9da1c4a82e9e39923 Mon Sep 17 00:00:00 2001
+From: duyiwei <duyiwei@kylinos.cn>
+Date: Wed, 15 Jun 2022 14:46:24 +0800
+Subject: [PATCH] CVE-2022-28506
+
+Signed-off-by: duyiwei <duyiwei@kylinos.cn>
+---
+ gif2rgb.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/gif2rgb.c b/gif2rgb.c
+index ccbc0aa..87c413e 100644
+--- a/gif2rgb.c
++++ b/gif2rgb.c
+@@ -303,7 +303,12 @@ static void DumpScreen2RGB(char *FileName, int OneFileFlag,
+             GifRow = ScreenBuffer[i];
+             GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
+             for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
+-                ColorMapEntry = &ColorMap->Colors[GifRow[j]];
++                /* Check if color is within color palete */
++                if (GifRow[j] >= ColorMap->ColorCount)
++                {
++                   GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
++                }
++	       	ColorMapEntry = &ColorMap->Colors[GifRow[j]];
+                 *BufferP++ = ColorMapEntry->Red;
+                 *BufferP++ = ColorMapEntry->Green;
+                 *BufferP++ = ColorMapEntry->Blue;
+-- 
+2.33.0
+
diff --git a/giflib.spec b/giflib.spec
index fead976..723a301 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -2,7 +2,7 @@
 
 Name:          giflib
 Version:       5.2.1
-Release:       3 
+Release:       4 
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
@@ -14,6 +14,7 @@ Patch0:giflib_quantize.patch
 Patch1:giflib_coverity.patch
 # Generate HTML docs with consistent section IDs to avoid multilib difference
 Patch2:giflib_html-docs-consistent-ids.patch
+Patch3:CVE-2022-28506.patch
 
 BuildRequires: make xmlto gcc
 provides:      giflib-utils
@@ -73,6 +74,9 @@ rm -f %{buildroot}/debugsourcefiles.list
 %{_bindir}/gif*
 
 %changelog
+* Thu Jun 16 2022 duyiwei <duyiwei@kylinos.cn> - 5.2.1-4
+- fix CVE-2022-28506
+
 * Thu May 20 2021 liuyumeng <liuyumeng5@huawei.com> - 5.2.1-3
 - Add a package named utils
 
-- 
Gitee