diff -Nru giflib-5.1.2/Makefile.am giflib-5.1.4/Makefile.am --- giflib-5.1.2/Makefile.am 2015-05-28 05:02:44.000000000 +0000 +++ giflib-5.1.4/Makefile.am 2016-01-08 05:00:18.000000000 +0000 @@ -38,3 +38,9 @@ cd doc; make website shipper version=@VERSION@ | sh -e -x rm -fr doc/staging + +# Refresh the wbsite +refresh: + cd doc; make website + shipper -w version=@VERSION@ | sh -e -x + rm -fr doc/staging diff -Nru giflib-5.1.2/Makefile.in giflib-5.1.4/Makefile.in --- giflib-5.1.2/Makefile.in 2016-01-07 12:54:02.000000000 +0000 +++ giflib-5.1.4/Makefile.in 2016-04-02 15:36:45.000000000 +0000 @@ -1212,6 +1212,12 @@ shipper version=@VERSION@ | sh -e -x rm -fr doc/staging +# Refresh the wbsite +refresh: + cd doc; make website + shipper -w version=@VERSION@ | sh -e -x + rm -fr doc/staging + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff -Nru giflib-5.1.2/NEWS giflib-5.1.4/NEWS --- giflib-5.1.2/NEWS 2016-01-07 12:53:05.000000000 +0000 +++ giflib-5.1.4/NEWS 2016-04-02 15:35:30.000000000 +0000 
@@ -1,5 +1,45 @@ GIFLIB NEWS + +Version 5.1.4 +============= + +Code Fixes +---------- + +* Fix SF bug #94: giflib 5 loves to fail to load images... a LOT. + +* Fix SF Bug #92: Fix buffer overread in gifbuild. + +* Fix SF Bug #93: Add bounds check in gifbuild netscape2.0 path + +* Fix SF Bug #89: Fix buffer overread in gifbuild. + +Version 5.1.3 +============= + +As of this version the library and code has been seriously abused by fuzzers, +smoking out crash bugs (now fixed) induced by various kinds of severely +malformed GIF. + +Code Fixes +---------- + +* Prevent malloc randomess from causing the header output routine to emit + a GIF89 version string even when no GIF89 features are present. Only + breaks tests, not production code, but it's odd this wasn't caught sooner. + +* Prevent malloc randomess from producing sporadic failures by causing + sanity checks added in 5.1.2 to misfire. + +* Bulletproof gif2rgb against 0-height images. Addressed SF bug #78: + Heap overflow in gif2rgb with images of size 0, also SF bug #82. + +* Remove unnecessary duplicate EGifClose() in gifcolor.c. Fixes SF bug #83 + introduced in 5.1.2. + +* Fix SF Bug #84: incorrect return of DGifSlurp(). + Version 5.1.2 ============= @@ -30,7 +70,7 @@ * Fix SourceForge bug #73: Null pointer deference in gifclrmap (only reachable with malformed GIF). -* Fix SourceForge bug #74: Double free in gifsponge under 5.1,1, +* Fix SourceForge bug #74: Double free in gifsponge under 5.1.1, for any valid gif image. * Fix SourceForge bug #75: GAGetArgs overflows due to uncounted use of va_arg. @@ -146,7 +186,7 @@ Retirements ----------- -* gifinter is gone. Use convert -interlace from the ImageMagic suite. +* gifinter is gone. Use convert -interlace from the ImageMagick suite. Code Fixes ---------- diff -Nru giflib-5.1.2/configure giflib-5.1.4/configure --- giflib-5.1.2/configure 2016-01-07 12:54:02.000000000 +0000 +++ giflib-5.1.4/configure 2016-04-02 15:36:45.000000000 +0000 
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for giflib 5.1.2. +# Generated by GNU Autoconf 2.69 for giflib 5.1.4. # # Report bugs to . # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='giflib' PACKAGE_TARNAME='giflib' -PACKAGE_VERSION='5.1.2' -PACKAGE_STRING='giflib 5.1.2' +PACKAGE_VERSION='5.1.4' +PACKAGE_STRING='giflib 5.1.4' PACKAGE_BUGREPORT='esr@thyrsus.com' PACKAGE_URL='' @@ -1314,7 +1314,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures giflib 5.1.2 to adapt to many kinds of systems. +\`configure' configures giflib 5.1.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1384,7 +1384,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of giflib 5.1.2:";; + short | recursive ) echo "Configuration of giflib 5.1.4:";; esac cat <<\_ACEOF @@ -1489,7 +1489,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -giflib configure 5.1.2 +giflib configure 5.1.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1858,7 +1858,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by giflib $as_me 5.1.2, which was +It was created by giflib $as_me 5.1.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2723,7 +2723,7 @@ # Define the identity of the package. PACKAGE='giflib' - VERSION='5.1.2' + VERSION='5.1.4' cat >>confdefs.h <<_ACEOF 
@@ -13218,7 +13218,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by giflib $as_me 5.1.2, which was +This file was extended by giflib $as_me 5.1.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -13284,7 +13284,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -giflib config.status 5.1.2 +giflib config.status 5.1.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -Nru giflib-5.1.2/configure.ac giflib-5.1.4/configure.ac --- giflib-5.1.2/configure.ac 2016-01-07 12:51:33.000000000 +0000 +++ giflib-5.1.4/configure.ac 2016-04-02 15:35:30.000000000 +0000 @@ -1,5 +1,5 @@ dnl Process this file with autoconf to produce a configure script. -AC_INIT(giflib, [5.1.2], [esr@thyrsus.com], giflib) +AC_INIT(giflib, [5.1.4], [esr@thyrsus.com], giflib) AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_SRCDIR([lib/dgif_lib.c]) AM_INIT_AUTOMAKE([gnu dist-bzip2 -Wall]) diff -Nru giflib-5.1.2/debian/changelog giflib-5.1.4/debian/changelog --- giflib-5.1.2/debian/changelog 2016-01-27 00:01:33.000000000 +0000 +++ giflib-5.1.4/debian/changelog 2016-06-10 11:03:12.000000000 +0000 
@@ -1,3 +1,44 @@ +giflib (5.1.4-0.3~16.04) xenial-proposed; urgency=medium + + * SRU: LP: #1580376: Prepare bug fix release for 16.04 LTS. + + -- Matthias Klose Fri, 10 Jun 2016 13:01:06 +0200 + +giflib (5.1.4-0.3) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2016-3977: gif2rgb: heap buffer overflow. Closes: #820526. + + -- Matthias Klose Fri, 10 Jun 2016 00:24:07 +0200 + +giflib (5.1.4-0.2) unstable; urgency=medium + + * Non-maintainer upload. + * Drop the local fix for issue #81, solved differently upstream. + Closes: #823481. + + -- Matthias Klose Sun, 08 May 2016 17:40:28 +0200 + +giflib (5.1.4-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * New upstream version. + * Security issues already fixed in 5.1.2: CVE-2016-3977. + Closes: #820594, #820526. + * Update symbols file. + + -- Matthias Klose Mon, 25 Apr 2016 20:19:43 +0200 + +giflib (5.1.2-0.3) unstable; urgency=medium + + * Non-maintainer upload. + [ Tobias Frost ] + * debian/patches/ef0cb9b4be572262b49fbc26fb2348683f44a517.patch: + try to fix testsuite failures on feh/powerpc. + (Closes: #812657) + + -- Gianfranco Costamagna Fri, 15 Apr 2016 19:09:44 +0200 + giflib (5.1.2-0.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru giflib-5.1.2/debian/control giflib-5.1.4/debian/control --- giflib-5.1.2/debian/control 2015-10-21 14:45:23.000000000 +0000 +++ giflib-5.1.4/debian/control 2016-04-25 18:28:32.000000000 +0000 
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Thibaut Gridel
 Build-Depends: debhelper (>= 9), autotools-dev, dh-autoreconf, xmlto
-Standards-Version: 3.9.6
+Standards-Version: 3.9.8
 Homepage: http://giflib.sourceforge.net/
 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/giflib.git;a=shortlog;h=refs/heads/debian
 Vcs-Git: git://anonscm.debian.org/collab-maint/giflib.git -b debian
diff -Nru giflib-5.1.2/debian/libgif7.symbols giflib-5.1.4/debian/libgif7.symbols
--- giflib-5.1.2/debian/libgif7.symbols 2015-10-21 14:44:47.000000000 +0000
+++ giflib-5.1.4/debian/libgif7.symbols 2016-04-25 18:31:33.000000000 +0000
@@ -57,3 +57,4 @@
 _ExistsHashTable@Base 5.1
 _InitHashTable@Base 5.1
 _InsertHashTable@Base 5.1
+ reallocarray@Base 5.1.4
diff -Nru giflib-5.1.2/debian/patches/issue81.diff giflib-5.1.4/debian/patches/issue81.diff
--- giflib-5.1.2/debian/patches/issue81.diff 2016-01-26 23:57:59.000000000 +0000
+++ giflib-5.1.4/debian/patches/issue81.diff 1970-01-01 00:00:00.000000000 +0000
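Review bot: The added entry `reallocarray@Base 5.1.4` in debian/libgif7.symbols records an unprefixed, generic allocator name as part of libgif7's tracked ABI, and a C library that exports a function of the same name would then compete with it at symbol resolution. The definition is not part of this hunk, so I am assuming it is an internal overflow-checked allocation helper; if so, the library should hide it or give it a giflib-specific name rather than have the package track it as an interface. Until that happens I would add a comment line above the entry, `# reallocarray: internal helper exported by upstream 5.1.4, not a supported interface`.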
@@ -1,37 +0,0 @@ -From 60d124d3e829635b5b868f5dd6de6b7421ce03b5 Mon Sep 17 00:00:00 2001 -From: Niko Tyni -Date: Thu, 21 Jan 2016 18:56:49 +0200 -Subject: [PATCH] Initialize memory in DGifOpen() too - -Commit ef0cb9b4be572262b49fbc26fb2348683f44a517 fixed this for -DGifOpenFileHandle(), but missed the other code path. - -Bug: http://sourceforge.net/p/giflib/bugs/81/ -Bug-Debian: https://bugs.debian.org/812093 ---- - lib/dgif_lib.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/dgif_lib.c b/lib/dgif_lib.c -index 667e939..2f8ac8b 100644 ---- a/lib/dgif_lib.c -+++ b/lib/dgif_lib.c -@@ -166,6 +166,7 @@ DGifOpen(void *userData, InputFunc readFunc, int *Error) - *Error = D_GIF_ERR_NOT_ENOUGH_MEM; - return NULL; - } -+ /*@i1@*/memset(GifFile, '\0', sizeof(GifFileType)); - - memset(GifFile, '\0', sizeof(GifFileType)); - -@@ -180,6 +181,7 @@ DGifOpen(void *userData, InputFunc readFunc, int *Error) - free((char *)GifFile); - return NULL; - } -+ /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType)); - - GifFile->Private = (void *)Private; - Private->FileHandle = 0; --- -2.7.0.rc3 - diff -Nru giflib-5.1.2/debian/patches/issue87.diff giflib-5.1.4/debian/patches/issue87.diff --- giflib-5.1.2/debian/patches/issue87.diff 1970-01-01 00:00:00.000000000 +0000 +++ giflib-5.1.4/debian/patches/issue87.diff 2016-06-09 22:21:22.000000000 +0000 
@@ -0,0 +1,32 @@
+--- a/util/gif2rgb.c
++++ b/util/gif2rgb.c
+@@ -15,7 +15,7 @@
+
+ I (ESR) took this off the main to-do list in 2012 because I don't think
+ the GIFLIB project actually needs to be in the converters-and-tools business.
+-Plenty of hackers do that; our jub is to supply stable library capability
++Plenty of hackers do that; our job is to supply stable library capability
+ with our utilities mainly interesting as test tools.
+
+ ***************************************************************************/
+@@ -461,13 +461,19 @@
+ break;
+ }
+ } while (RecordType != TERMINATE_RECORD_TYPE);
+-
++
+ /* Lets dump it - set the global variables required and do it: */
+ ColorMap = (GifFile->Image.ColorMap
+ ? GifFile->Image.ColorMap
+ : GifFile->SColorMap);
+ if (ColorMap == NULL) {
+ fprintf(stderr, "Gif Image does not have a colormap\n");
++ exit(EXIT_FAILURE);
++ }
++
++ /* check that the background color isn't garbage (SF bug #87) */
++ if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) {
++ fprintf(stderr, "Background color out of range for colormap\n");
+ exit(EXIT_FAILURE);
+ }
+
diff -Nru giflib-5.1.2/debian/patches/series giflib-5.1.4/debian/patches/series
--- giflib-5.1.2/debian/patches/series 2016-01-27 00:00:10.000000000 +0000
+++ giflib-5.1.4/debian/patches/series 2016-06-09 22:22:36.000000000 +0000
@@ -1,3 +1,3 @@
 03-spelling_fixes.patch
 #04-fprintf_format_error.patch
-issue81.diff
+issue87.diff
diff -Nru giflib-5.1.2/doc/gif2rgb.1 giflib-5.1.4/doc/gif2rgb.1
--- giflib-5.1.2/doc/gif2rgb.1 2016-01-07 11:20:12.000000000 +0000
+++ giflib-5.1.4/doc/gif2rgb.1 2016-04-02 15:34:45.000000000 +0000
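Review bot: The new check in the second hunk of the embedded gif2rgb.c patch bounds only `GifFile->SBackGroundColor` against `ColorMap->ColorCount`; nothing in the visible lines applies the same bound to the pixel values decoded from the image, which presumably index the same ColorMap when the screen is dumped, so that path should be confirmed separately (the surrounding function starts and ends outside the hunk). The patch file also begins directly at `--- a/util/gif2rgb.c` with no header, while the 5.1.4-0.3 changelog entry that appears to correspond to it cites CVE-2016-3977 and Debian bug #820526. A DEP-3 header such as `Description: gif2rgb: reject a background color index outside the colormap (CVE-2016-3977)` and `Bug-Debian: https://bugs.debian.org/820526` would keep that provenance with the patch. The comment typo fix and the whitespace-only line would be easier to audit in a separate patch.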
@@ -66,7 +66,7 @@ .PP By default, convert a GIF input file to RGB triplets\&. If \-s is specified, convert RGB input to a GIF\&. .PP -If no input file is given, gif2rgb will try to read adata from stdin\&. +If no input file is given, gif2rgb will try to read data from stdin\&. .SH "AUTHOR" .PP Gershon Elber\&. diff -Nru giflib-5.1.2/doc/gif2rgb.xml giflib-5.1.4/doc/gif2rgb.xml --- giflib-5.1.2/doc/gif2rgb.xml 2014-05-16 10:46:53.000000000 +0000 +++ giflib-5.1.4/doc/gif2rgb.xml 2016-04-02 15:34:00.000000000 +0000 @@ -84,7 +84,7 @@ By default, convert a GIF input file to RGB triplets. If -s is specified, convert RGB input to a GIF. -If no input file is given, gif2rgb will try to read adata +If no input file is given, gif2rgb will try to read data from stdin. diff -Nru giflib-5.1.2/history.asc giflib-5.1.4/history.asc --- giflib-5.1.2/history.asc 2015-05-28 04:33:34.000000000 +0000 +++ giflib-5.1.4/history.asc 2016-01-17 04:04:33.000000000 +0000 @@ -59,6 +59,12 @@ direct support for GIF89 graphics control blocks, and tossed out large amounts of obsolete utility code. +More recent version of the code (5.1.0 and onwards) have been hardened +by both static analysis and fuzz testing. While these failed to turn +up bugs in normal rendering cases, they did uncover some crash and +corruption bugs that could be tickled by carefully crafted malformed +GIFs. + This code is very old, very stable, and *everywhere* - browsers game consoles, smartphones, pretty much everything that opens an HTTP port and does graphics uses it. diff -Nru giflib-5.1.2/lib/dgif_lib.c giflib-5.1.4/lib/dgif_lib.c --- giflib-5.1.2/lib/dgif_lib.c 2016-01-07 10:44:44.000000000 +0000 +++ giflib-5.1.4/lib/dgif_lib.c 2016-04-02 15:34:00.000000000 +0000 
@@ -89,7 +89,7 @@
 GifFile->SavedImages = NULL;
 GifFile->SColorMap = NULL;
- Private = (GifFilePrivateType *)malloc(sizeof(GifFilePrivateType));
+ Private = (GifFilePrivateType *)calloc(1, sizeof(GifFilePrivateType));
 if (Private == NULL) {
 if (Error != NULL)
 *Error = D_GIF_ERR_NOT_ENOUGH_MEM;
@@ -97,6 +97,9 @@
 free((char *)GifFile);
 return NULL;
 }
+
+ /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType));
+
 #ifdef _WIN32
 _setmode(FileHandle, O_BINARY); /* Make sure it is in binary mode. */
 #endif /* _WIN32 */
@@ -172,13 +175,14 @@
 GifFile->SavedImages = NULL;
 GifFile->SColorMap = NULL;
- Private = (GifFilePrivateType *)malloc(sizeof(GifFilePrivateType));
+ Private = (GifFilePrivateType *)calloc(1, sizeof(GifFilePrivateType));
 if (!Private) {
 if (Error != NULL)
 *Error = D_GIF_ERR_NOT_ENOUGH_MEM;
 free((char *)GifFile);
 return NULL;
 }
+ /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType));
 GifFile->Private = (void *)Private;
 Private->FileHandle = 0;
@@ -764,7 +768,7 @@
 BitsPerPixel = CodeSize;
 /* this can only happen on a severely malformed GIF */
- if (BitsPerPixel > 8 || Private->RunningBits > 32) {
+ if (BitsPerPixel > 8) {
 GifFile->Error = D_GIF_ERR_READ_FAILED; /* somewhat bogus error code */
 return GIF_ERROR; /* Failed to read Code size. */
 }
diff -Nru giflib-5.1.2/lib/egif_lib.c giflib-5.1.4/lib/egif_lib.c
--- giflib-5.1.2/lib/egif_lib.c 2014-05-16 10:46:53.000000000 +0000
+++ giflib-5.1.4/lib/egif_lib.c 2016-01-22 10:36:36.000000000 +0000
@@ -103,6 +103,7 @@
 *Error = E_GIF_ERR_NOT_ENOUGH_MEM;
 return NULL;
 }
+ /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType));
 if ((Private->HashTable = _InitHashTable()) == NULL) {
 free(GifFile);
 free(Private);
@@ -121,6 +122,7 @@
 Private->FileHandle = FileHandle;
 Private->File = f;
 Private->FileState = FILE_STATE_WRITE;
+ Private->gif89 = false;
 Private->Write = (OutputFunc) 0; /* No user write routine (MRB) */
 GifFile->UserData = (void *)NULL; /* No user write handle (MRB) */
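Review bot: `calloc(1, sizeof(GifFilePrivateType))` already returns zero-filled memory, so the `/*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType));` added after the NULL check in the dgif_lib.c -97,6 hunk, and again in the -172,13 hunk, clears the same bytes a second time. It is harmless, but it leaves two lines claiming the same guarantee, and a later edit that removes one of them cannot tell which was the intended one. I would drop the memset in both places and put `/* calloc: all private decoder state starts zeroed */` above the allocation. The functions containing these hunks start and end outside them.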
@@ -157,6 +159,8 @@
 return NULL;
 }
+ memset(Private, '\0', sizeof(GifFilePrivateType));
+
 Private->HashTable = _InitHashTable();
 if (Private->HashTable == NULL) {
 free (GifFile);
diff -Nru giflib-5.1.2/lib/gif_lib.h giflib-5.1.4/lib/gif_lib.h
--- giflib-5.1.2/lib/gif_lib.h 2016-01-07 12:51:53.000000000 +0000
+++ giflib-5.1.4/lib/gif_lib.h 2016-04-02 15:35:30.000000000 +0000
@@ -13,7 +13,7 @@
 #define GIFLIB_MAJOR 5
 #define GIFLIB_MINOR 1
-#define GIFLIB_RELEASE 2
+#define GIFLIB_RELEASE 4
 #define GIF_ERROR 0
 #define GIF_OK 1
Binary files /tmp/DQQYjNVSZk/giflib-5.1.2/tests/FOO and /tmp/ofY0aoqiCx/giflib-5.1.4/tests/FOO differ
diff -Nru giflib-5.1.2/util/gif2rgb.c giflib-5.1.4/util/gif2rgb.c
--- giflib-5.1.2/util/gif2rgb.c 2014-05-16 10:46:53.000000000 +0000
+++ giflib-5.1.4/util/gif2rgb.c 2016-03-17 16:24:17.000000000 +0000
@@ -181,9 +181,6 @@
 0, 0, Width, Height, false, NULL) == GIF_ERROR)
 PrintGifError(Error);
- if (GifFile != NULL) {
- EGifCloseFile(GifFile, NULL);
- }
 exit(EXIT_FAILURE);
 GifQprintf("\n%s: Image 1 at (%d, %d) [%dx%d]: ",
@@ -192,12 +189,7 @@
 for (i = 0; i < Height; i++) {
 if (EGifPutLine(GifFile, Ptr, Width) == GIF_ERROR)
- {
- if (GifFile != NULL) {
- EGifCloseFile(GifFile, NULL);
- }
 exit(EXIT_FAILURE);
- }
 GifQprintf("\b\b\b\b%-4d", Height - i - 1);
 Ptr += Width;
@@ -205,9 +197,6 @@
 if (EGifCloseFile(GifFile, &Error) == GIF_ERROR)
 PrintGifError(Error);
- if (GifFile != NULL) {
- EGifCloseFile(GifFile, NULL);
- }
 exit(EXIT_FAILURE);
 }
@@ -378,6 +367,11 @@
 }
 }
+ if (GifFile->SHeight == 0 || GifFile->SWidth == 0) {
+ fprintf(stderr, "Image of width or height 0\n");
+ exit(EXIT_FAILURE);
+ }
+
 /*
 * Allocate the screen as vector of column of rows. Note this
 * screen is device independent - it's the screen defined by the
diff -Nru giflib-5.1.2/util/gifbg.c giflib-5.1.4/util/gifbg.c
--- giflib-5.1.2/util/gifbg.c 2014-05-16 10:46:53.000000000 +0000
+++ giflib-5.1.4/util/gifbg.c 2016-03-17 15:52:45.000000000 +0000
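Review bot: In the gif2rgb.c -181,9 hunk the `if (... == GIF_ERROR)` that precedes `PrintGifError(Error);` has no opening brace in the visible lines, so once the three `EGifCloseFile` lines are removed `exit(EXIT_FAILURE);` still sits outside the conditional and would run on the success path too; the -205,9 hunk has the same shape right before the closing brace. Indentation is lost in this rendering, so confirm against the file, but if that is the layout the error branches need braces, e.g. `if (EGifCloseFile(GifFile, &Error) == GIF_ERROR) { PrintGifError(Error); exit(EXIT_FAILURE); }`, and the same around the descriptor calls. A tool that reports failure unconditionally teaches callers to ignore its exit status, which hides the real errors on malformed input. The start of the first `if` is outside the hunk.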
@@ -327,9 +327,6 @@
 if (EGifCloseFile(GifFile, &ErrorCode) == GIF_ERROR) {
 PrintGifError(ErrorCode);
- if (GifFile != NULL) {
- EGifCloseFile(GifFile, NULL);
- }
 exit(EXIT_FAILURE);
 }
diff -Nru giflib-5.1.2/util/gifbuild.c giflib-5.1.4/util/gifbuild.c
--- giflib-5.1.2/util/gifbuild.c 2014-05-16 10:46:53.000000000 +0000
+++ giflib-5.1.4/util/gifbuild.c 2016-04-02 15:34:10.000000000 +0000
@@ -692,6 +692,7 @@
 putchar('\n');
 while (!last && ep[1].Function == CONTINUE_EXT_FUNC_CODE) {
 ++ep;
+ last = (ep - ExtensionBlocks == (ExtensionBlockCount - 1));
 VisibleDumpBuffer(ep->Bytes, ep->ByteCount);
 putchar('\n');
 }
@@ -703,6 +704,7 @@
 putchar('\n');
 while (!last && ep[1].Function == CONTINUE_EXT_FUNC_CODE) {
 ++ep;
+ last = (ep - ExtensionBlocks == (ExtensionBlockCount - 1));
 VisibleDumpBuffer(ep->Bytes, ep->ByteCount);
 putchar('\n');
 }
@@ -723,7 +725,10 @@
 printf("\ttransparent index %d\n", gcb.TransparentColor);
 printf("end\n\n");
 }
- else if (ep->Function == APPLICATION_EXT_FUNC_CODE
+ else if (!last
+ && ep->Function == APPLICATION_EXT_FUNC_CODE
+ && ep->ByteCount >= 11
+ && (ep+1)->ByteCount >= 3
 && memcmp(ep->Bytes, "NETSCAPE2.0", 11) == 0) {
 unsigned char *params = (++ep)->Bytes;
 unsigned int loopcount = params[1] | (params[2] << 8);
@@ -734,6 +739,7 @@
 VisibleDumpBuffer(ep->Bytes, ep->ByteCount);
 while (!last && ep[1].Function == CONTINUE_EXT_FUNC_CODE) {
 ++ep;
+ last = (ep - ExtensionBlocks == (ExtensionBlockCount - 1));
 VisibleDumpBuffer(ep->Bytes, ep->ByteCount);
 putchar('\n');
 }
diff -Nru giflib-5.1.2/util/gifcolor.c giflib-5.1.4/util/gifcolor.c
--- giflib-5.1.2/util/gifcolor.c 2014-05-16 10:46:53.000000000 +0000
+++ giflib-5.1.4/util/gifcolor.c 2016-03-15 11:57:37.000000000 +0000
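Review bot: The NETSCAPE2.0 branch in the gifbuild.c -723,7 hunk now checks `!last` and `(ep+1)->ByteCount >= 3` before reading `params[1]` and `params[2]`, but it never checks that the following block is a continuation sub-block, so any extension block of three or more bytes that happens to follow would be consumed by `(++ep)->Bytes` as loop parameters. Adding `&& (ep+1)->Function == CONTINUE_EXT_FUNC_CODE` to the condition would match the test the surrounding while loops already use. The -692,6, -703,6 and -734,6 hunks repeat `last = (ep - ExtensionBlocks == (ExtensionBlockCount - 1));`; a comment such as `/* ep advanced: recompute so ep[1] is never read past the last block */` at each would record why. The enclosing loop starts and ends outside these hunks.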
@@ -122,9 +122,6 @@ if (EGifCloseFile(GifFile, &ErrorCode) == GIF_ERROR) { PrintGifError(ErrorCode); - if (GifFile != NULL) { - EGifCloseFile(GifFile, NULL); - } exit(EXIT_FAILURE); } diff -Nru giflib-5.1.2/util/gifecho.c giflib-5.1.4/util/gifecho.c --- giflib-5.1.2/util/gifecho.c 2014-05-16 10:46:53.000000000 +0000 +++ giflib-5.1.4/util/gifecho.c 2016-03-17 15:53:13.000000000 +0000 @@ -162,9 +162,6 @@ if (EGifCloseFile(GifFile, &ErrorCode) == GIF_ERROR) { PrintGifError(ErrorCode); - if (GifFile != NULL) { - EGifCloseFile(GifFile, NULL); - } exit(EXIT_FAILURE); } diff -Nru giflib-5.1.2/util/gifinto.c giflib-5.1.4/util/gifinto.c --- giflib-5.1.2/util/gifinto.c 2016-01-05 23:07:24.000000000 +0000 +++ giflib-5.1.4/util/gifinto.c 2016-03-17 16:26:04.000000000 +0000 @@ -73,7 +73,7 @@ int FD; int NumFiles; bool Error, MinSizeFlag = false, HelpFlag = false; - char **FileName = NULL, FoutTmpName[STRLEN], FullPath[STRLEN], *p; + char **FileName = NULL, FoutTmpName[STRLEN+1], FullPath[STRLEN+1], *p; FILE *Fin, *Fout; if ((Error = GAGetArgs(argc, argv, CtrlStr, &GifNoisyPrint, @@ -160,7 +160,8 @@ fclose(Fout); unlink(*FileName); if (rename(FoutTmpName, *FileName) != 0) { - char DefaultName[STRLEN]; + char DefaultName[STRLEN+1]; + memset(DefaultName, '\0', sizeof(DefaultName)); if ( (strlen(FullPath) + strlen(DEFAULT_OUT_NAME)) > STRLEN-1 ) GIF_EXIT("Filename too long."); strncpy(DefaultName, FullPath, STRLEN); // cppcheck-suppress uninitstring
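Review bot: In the gifinto.c -160,7 hunk `DefaultName` is now `STRLEN+1` bytes and zero-filled, which makes `strncpy(DefaultName, FullPath, STRLEN)` leave a terminator, but the length guard between them still compares against `STRLEN-1`, so three different bounds describe one buffer. Tying the copy to the array, `snprintf(DefaultName, sizeof(DefaultName), "%s", FullPath);`, would make the memset and the cppcheck suppression unnecessary, and writing the guard in terms of `sizeof(DefaultName)` would keep it correct if STRLEN changes. The statement that appends DEFAULT_OUT_NAME is outside the hunk, as is the code that fills `FoutTmpName` and `FullPath` (grown to `STRLEN+1` in the -73,7 hunk), so confirm those writes use the same bound.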