From 8afdbbef0bf57251d1a58ea7c2a371b89bf6826f Mon Sep 17 00:00:00 2001
From: Kleis Auke Wolthuizen
Date: Fri, 10 Jun 2022 10:57:52 +0200
Subject: [PATCH] cgifsave: fix heap-use-after-free

`liq_set_dithering_level` could somehow free the palette, so do the transparency check prior to that.
---
 libvips/foreign/cgifsave.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/libvips/foreign/cgifsave.c b/libvips/foreign/cgifsave.c
index 9e9aae51d5..a29dd07640 100644
--- a/libvips/foreign/cgifsave.c
+++ b/libvips/foreign/cgifsave.c
@@ -290,7 +290,7 @@ vips_foreign_save_cgif_write_frame( VipsForeignSaveCgif *cgif )
 if( cur[3] >= 128 )
 cur[3] = 255;
 else {
- /* Helps the quanizer generate a better palette.
+ /* Helps the quantizer generate a better palette.
 */
 cur[0] = 0;
 cur[1] = 0;
@@ -366,7 +366,7 @@ vips_foreign_save_cgif_write_frame( VipsForeignSaveCgif *cgif )

 /* Also drop saved local result as it's usage
 * doesn't make sense now and it's better to
- * use a new local result if neeeded
+ * use a new local result if needed
 */
 VIPS_FREEF( vips__quantise_result_destroy,
 cgif->local_quantisation_result );
@@ -407,6 +407,10 @@ vips_foreign_save_cgif_write_frame( VipsForeignSaveCgif *cgif )
 }
 }

+ /* If there's a transparent pixel, it's always first.
+ */
+ cgif->has_transparency = lp->entries[0].a == 0;
+
 /* Dither frame.
 */
 vips__quantise_set_dithering_level( quantisation_result, cgif->dither );
@@ -416,10 +420,6 @@ vips_foreign_save_cgif_write_frame( VipsForeignSaveCgif *cgif )
 return( -1 );
 }

- /* If there's a transparent pixel, it's always first.
- */
- cgif->has_transparency = lp->entries[0].a == 0;
-
 /* Set up cgif on first use, so we can set the first cmap as the global
 * one.
 *
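Review bot: `lp` is still a dangling pointer once `vips__quantise_set_dithering_level()` has run in the third hunk (`@@ -407,6 +407,10 @@`); the patch moves only the one read that faulted ahead of the call, and the fourth hunk just removes it from its old position. The function body continues outside these hunks, so if `lp` is dereferenced anywhere after the dither step, that read would touch the same freed palette, going by the commit message's statement that the call can free it. Re-fetching the palette after the call, or not keeping `lp` live past it, would close the whole class rather than this one site. The relocated comment also does not record the ordering constraint, so a later tidy-up could move the check back; I would extend it to something like `/* Read lp before vips__quantise_set_dithering_level(): that call may free the palette lp points into. */`.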