gif2png crashes (out of bounds read) with malformatted gif input
While developing a fuzzer I was able to trigger a crash in gif2png. I'm attaching a gzipped gif that triggers the bug. This is the stack trace:

Program received signal SIGSEGV, Segmentation fault.
nextLWZ (fd=0x8060008) at gifread.c:578
578 *sp++ = table[code];
(gdb) bt
#0 nextLWZ (fd=0x8060008) at gifread.c:578
#1 0x0804b48b in ReadImage (fd=0x4, fd@entry=0x8060008, x_off=134612112, y_off=4259840, y_off@entry=173, width=256, height=65311, cmapSize=256, cmap=0x0, interlace=true) at gifread.c:684
#2 0x0804ba2b in ReadGIF (fd=0x8060008) at gifread.c:218
#3 0x0804a78b in processfile (fname=fname@entry=0xbfffef4f "/home/vuzzing/data/vuzzing-results/gif2png/exp1/gif2png-2016-05-09T07-19-19.165820.gif", fp=fp@entry=0x8060008) at gif2png.c:707
#4 0x080492ac in main (argc=2, argv=0xbffff414) at gif2png.c:982
(gdb)
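The faulting line indexes a decoder table with a code read from the file and pushes the result onto a stack. The sketch below is an added example, not gif2png's code and not part of the original report: a GIF-style LZW table whose lookup validates the code and the stack depth before indexing. All names (lzw_table, lzw_reset, lzw_add, lzw_expand) are hypothetical, and it assumes the caller handles the "code equals next free slot" case separately.

```c
#include <stddef.h>
#include <stdint.h>

#define LZW_MAX_CODES 4096              /* GIF LZW codes are at most 12 bits */
typedef struct {
    uint16_t prefix[LZW_MAX_CODES];     /* code of the string minus its last byte */
    uint8_t  suffix[LZW_MAX_CODES];     /* last byte of the string */
    unsigned clear_code;                /* 1 << min_code_size; roots are below it */
    unsigned next_free;                 /* first code that is not defined yet */
} lzw_table;

/* Initialise the roots; min_code_size comes from the file, so check it first. */
int lzw_reset(lzw_table *t, unsigned min_code_size)
{
    if (min_code_size < 1 || min_code_size > 11) return -1;
    t->clear_code = 1u << min_code_size;
    for (unsigned i = 0; i < t->clear_code; i++)
        t->suffix[i] = (uint8_t)i;      /* roots are single bytes; prefix unused */
    t->next_free = t->clear_code + 2;   /* clear and end-of-information are reserved */
    return 0;
}

/* A usable code is already defined and is not one of the two reserved codes. */
static int lzw_code_ok(const lzw_table *t, unsigned code)
{
    return code < t->next_free && code != t->clear_code && code != t->clear_code + 1;
}

/* Define the next code as string(prefix) + suffix; prefix is always < new code. */
int lzw_add(lzw_table *t, unsigned prefix, uint8_t suffix)
{
    if (t->next_free >= LZW_MAX_CODES || !lzw_code_ok(t, prefix)) return -1;
    t->prefix[t->next_free] = (uint16_t)prefix;
    t->suffix[t->next_free++] = suffix;
    return 0;
}

/* Push the bytes of `code` onto out[0..cap), last byte first; length or -1. */
long lzw_expand(const lzw_table *t, unsigned code, uint8_t *out, size_t cap)
{
    size_t n = 0;
    if (!lzw_code_ok(t, code)) return -1;       /* reject before any indexing */
    for (;; code = t->prefix[code]) {
        if (n >= cap) return -1;                /* stack full: stop, do not write */
        out[n++] = t->suffix[code];
        if (code < t->clear_code) break;        /* reached a root entry */
    }
    return (long)n;
}
```

A decoder built this way turns an undefined or oversized code into an error return for the caller to report as a corrupt image.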