From 47272afa97d917dbadb4523f6e21084e9d015fea Mon Sep 17 00:00:00 2001
From: liwenjie <liwenjie@kylinos.cn>
Date: Tue, 14 May 2024 18:05:46 +0800
Subject: [PATCH] Fix CVE-2021-40633

---
 CVE-2021-40633.patch | 13 +++++++++++++
 giflib.spec          |  6 +++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-40633.patch

diff --git a/CVE-2021-40633.patch b/CVE-2021-40633.patch
new file mode 100644
index 0000000..18331f5
--- /dev/null
+++ b/CVE-2021-40633.patch
@@ -0,0 +1,13 @@
+diff -urN giflib-5.2.2/gif2rgb.c giflib-5.2.2-bak/gif2rgb.c
+--- giflib-5.2.2/gif2rgb.c	2024-05-14 16:06:40.098092160 +0800
++++ giflib-5.2.2-bak/gif2rgb.c	2024-05-14 15:53:42.426757251 +0800
+@@ -525,6 +525,9 @@
+ 	DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer,
+ 	               GifFile->SWidth, GifFile->SHeight);
+ 
++	for (i = 0; i < GifFile->SHeight; i++) {
++		(void)free(ScreenBuffer[i]);
++	}
+ 	(void)free(ScreenBuffer);
+ 
+ 	{
diff --git a/giflib.spec b/giflib.spec
index 944781a..8be09f7 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -2,7 +2,7 @@
 
 Name:          giflib
 Version:       5.2.2
-Release:       1
+Release:       2
 Summary:       A library and utilities for processing GIFs
 License:       MIT
 URL:           http://www.sourceforge.net/projects/giflib/
@@ -14,6 +14,7 @@ Patch0: 0001-Move-quantize.c-back-into-libgif.so.patch
 Patch1: 0002-Fix-several-defects-found-by-Coverity-scan.patch
 # Generate HTML docs with consistent section IDs to avoid multilib difference
 Patch2: 0003-Generate-HTML-docs-with-consistent-section-IDs-to-av.patch
+Patch3: CVE-2021-40633.patch
 
 BuildRequires: make xmlto gcc
 BuildRequires: ImageMagick
@@ -74,6 +75,9 @@ rm -f %{buildroot}/debugsourcefiles.list
 %{_bindir}/gif*
 
 %changelog
+* Tue May 14 2024 liwenjie <liwenjie@kylinos.cn> - 5.2.2-2
+- Fix CVE-2021-40633
+
 * Thu Mar 07 2024 liweigang <izmirvii@gmail.com> - 5.2.2-1
 - update to version 5.2.2
 
-- 
Gitee