From f80c98b0b98756236136d8dfc460d8eaa73f7024 Mon Sep 17 00:00:00 2001
From: Michal Hlavinka <mhlavink@redhat.com>
Date: Thu, 6 Feb 2025 15:34:30 +0100
Subject: [PATCH] fix giftext memmory access error (RHEL-77803)

fix giftext memmory access error (RHEL-77803)
Resolves: RHEL-77803
---
 giflib-5.2.1-fixsnprintf.patch | 21 +++++++++++++++++++++
 giflib.spec                    |  6 +++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 giflib-5.2.1-fixsnprintf.patch

diff --git a/giflib-5.2.1-fixsnprintf.patch b/giflib-5.2.1-fixsnprintf.patch
new file mode 100644
index 0000000..c048bf4
--- /dev/null
+++ b/giflib-5.2.1-fixsnprintf.patch
@@ -0,0 +1,21 @@
+diff -up giflib-5.2.1/giftext.c.6 giflib-5.2.1/giftext.c
+--- giflib-5.2.1/giftext.c.6	2025-01-31 10:17:17.554855649 +0100
++++ giflib-5.2.1/giftext.c	2025-01-31 10:18:44.420663412 +0100
+@@ -386,7 +386,7 @@ static void PrintExtBlock(GifByteType *E
+ 	for (i = 1; i <= Len; i++) {
+ 	    (void)snprintf(&HexForm[CrntPlace * 3], 3,
+ 			   " %02x", Extension[i]);
+-	    (void)snprintf(&AsciiForm[CrntPlace], 3,
++	    (void)snprintf(&AsciiForm[CrntPlace], 2,
+ 			   "%c", MAKE_PRINTABLE(Extension[i]));
+ 	    if (++CrntPlace == 16) {
+ 		HexForm[CrntPlace * 3] = 0;
+@@ -429,7 +429,7 @@ static void PrintPixelBlock(GifByteType
+     for (i = 0; i < Len; i++) {
+ 	(void)snprintf(&HexForm[CrntPlace * 3], 3,
+ 		       " %02x", PixelBlock[i]);
+-	(void)snprintf(&AsciiForm[CrntPlace], 3,
++	(void)snprintf(&AsciiForm[CrntPlace], 2,
+ 		       "%c", MAKE_PRINTABLE(PixelBlock[i]));
+ 	if (++CrntPlace == 16) {
+ 	    HexForm[CrntPlace * 3] = 0;
diff --git a/giflib.spec b/giflib.spec
index eb3e608..a6d057b 100644
--- a/giflib.spec
+++ b/giflib.spec
@@ -1,7 +1,7 @@
 Name:          giflib
 Summary:       A library and utilities for processing GIFs
 Version:       5.2.1
-Release:       21%{?dist}
+Release:       22%{?dist}
 
 License:       MIT
 URL:           http://www.sourceforge.net/projects/%{name}/
@@ -20,6 +20,7 @@ Patch3:        CVE-2022-28506.patch
 # Fix segmentation faults when invoking tools with incorrect arguments (CVE-2023-39742)
 # Taken from Debian package
 Patch4:        fix-get-args-segment-violation.patch
+Patch5:        giflib-5.2.1-fixsnprintf.patch
 
 
 BuildRequires: cmake
@@ -152,6 +153,9 @@ rm -rf %{buildroot}%{mingw64_mandir}
 
 
 %changelog
+* Thu Feb 06 2025 Michal Hlavinka <mhlavink@redhat.com> - 5.2.1-22
+- fix giftext memmory access error (RHEL-77803)
+
 * Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 5.2.1-21
 - Bump release for October 2024 mass rebuild:
   Resolves: RHEL-64018