Description: security fix
  Fix CVE-2016-8888 and CVE-2016-9085
Author: Jeff Breidenbach <jab@debian.org>

---
The information above should follow the Patch Tagging Guidelines, please
checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
are templates for supplementary fields that you might want to add:

Origin: <vendor|upstream|other>, <url of original patch>
Bug: <url in upstream bugtracker>
Bug-Debian: http://bugs.debian.org/<bugnumber>
Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
Forwarded: <no|not-needed|url proving that it has been forwarded>
Reviewed-By: <name and email of someone who approved the patch>
Last-Update: <YYYY-MM-DD>

--- libwebp-0.5.1.orig/examples/gif2webp.c
+++ libwebp-0.5.1/examples/gif2webp.c
@@ -359,6 +359,8 @@ int main(int argc, const char *argv[]) {
         if (DGifGetExtension(gif, &extension, &data) == GIF_ERROR) {
           goto End;
         }
+        if (data == NULL) continue;
+
         switch (extension) {
           case COMMENT_EXT_FUNC_CODE: {
             break;  // Do nothing for now.
