LibGfx: Fix global-buffer-overflow in interlaced GIF decode

Regressed with 57e10eadac01273cc4c0bcb681aa9381cacef0b3 and immediately caught by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=30507
author: Andreas Kling <kling@serenityos.org> 2021-02-07 11:18:55 +0100
committer: Andreas Kling <kling@serenityos.org> 2021-02-07 11:18:55 +0100
commit: 10420dee7e48c818a7b1c5386b8fcebc587825f0 (patch)
tree: df8053f3e0424637e4af2ccadd49bb585c08f028 /Userland
parent: 0c66e53544f933500477ddad05bc5a7f15bea951 (diff)
download: serenity-10420dee7e48c818a7b1c5386b8fcebc587825f0.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/Userland/Libraries/LibGfx/GIFLoader.cpp b/Userland/Libraries/LibGfx/GIFLoader.cpp
index 4e69cc7fb5..278c5a686c 100644
--- a/Userland/Libraries/LibGfx/GIFLoader.cpp
+++ b/Userland/Libraries/LibGfx/GIFLoader.cpp
@@ -404,7 +404,8 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
                             if (interlace_pass < 4)
                                 row = INTERLACE_ROW_OFFSETS[interlace_pass];
                         } else {
-                            row += INTERLACE_ROW_STRIDES[interlace_pass];
+                            if (interlace_pass < 4)
+                                row += INTERLACE_ROW_STRIDES[interlace_pass];
                         }
                     } else {
                         ++row;
author	Andreas Kling <kling@serenityos.org>	2021-02-07 11:18:55 +0100
committer	Andreas Kling <kling@serenityos.org>	2021-02-07 11:18:55 +0100
commit	10420dee7e48c818a7b1c5386b8fcebc587825f0 (patch)
tree	df8053f3e0424637e4af2ccadd49bb585c08f028 /Userland
parent	0c66e53544f933500477ddad05bc5a7f15bea951 (diff)
download	serenity-10420dee7e48c818a7b1c5386b8fcebc587825f0.zip