$NetBSD: patch-CVE-2022-28506,v 1.1 2023/03/26 12:36:28 spz Exp $

from https://sourceforge.net/u/mmuzila/giflib/ci/fix-cve-2022-28506/

--- gif2rgb.c.orig	2019-06-24 07:24:27.000000000 +0000
+++ gif2rgb.c
@@ -294,6 +294,11 @@ static void DumpScreen2RGB(char *FileNam
             GifRow = ScreenBuffer[i];
             GifQprintf("\b\b\b\b%-4d", ScreenHeight - i);
             for (j = 0, BufferP = Buffer; j < ScreenWidth; j++) {
+                /* Check if color is within color palete */
+                if (GifRow[j] >= ColorMap->ColorCount)
+                {
+                   GIF_EXIT(GifErrorString(D_GIF_ERR_IMAGE_DEFECT));
+                }
                 ColorMapEntry = &ColorMap->Colors[GifRow[j]];
                 *BufferP++ = ColorMapEntry->Red;
                 *BufferP++ = ColorMapEntry->Green;
