X-Git-Url: https://git.saurik.com/wxWidgets.git/blobdiff_plain/525b0568c9882692cf31bf4d5a308940154cb350..571d2e0f232be3f7220c485c7e72eccfb87f2855:/src/common/gifdecod.cpp diff --git a/src/common/gifdecod.cpp b/src/common/gifdecod.cpp index 8213e583ef..4b3e6ddc87 100644 --- a/src/common/gifdecod.cpp +++ b/src/common/gifdecod.cpp @@ -1,5 +1,5 @@ ///////////////////////////////////////////////////////////////////////////// -// Name: gifdecod.cpp +// Name: src/common/gifdecod.cpp // Purpose: wxGIFDecoder, GIF reader for wxImage and wxAnimation // Author: Guillermo Rodriguez Garcia // Version: 3.04 @@ -12,16 +12,15 @@ #include "wx/wxprec.h" #ifdef __BORLANDC__ -# pragma hdrstop + #pragma hdrstop #endif +#if wxUSE_STREAMS && wxUSE_GIF + #ifndef WX_PRECOMP -# include "wx/defs.h" -# include "wx/palette.h" + #include "wx/palette.h" #endif -#if wxUSE_STREAMS && wxUSE_GIF - #include #include #include "wx/gifdecod.h" @@ -142,21 +141,18 @@ bool wxGIFDecoder::ConvertToImage(wxImage *image) const image->SetMask(false); #if wxUSE_PALETTE - if (pal) - { - unsigned char r[256]; - unsigned char g[256]; - unsigned char b[256]; - - for (i = 0; i < 256; i++) - { - r[i] = pal[3*i + 0]; - g[i] = pal[3*i + 1]; - b[i] = pal[3*i + 2]; - } + unsigned char r[256]; + unsigned char g[256]; + unsigned char b[256]; - image->SetPalette(wxPalette(256, r, g, b)); + for (i = 0; i < 256; i++) + { + r[i] = pal[3*i + 0]; + g[i] = pal[3*i + 1]; + b[i] = pal[3*i + 2]; } + + image->SetPalette(wxPalette(256, r, g, b)); #endif // wxUSE_PALETTE /* copy image data */ @@ -470,6 +466,25 @@ int wxGIFDecoder::dgif(GIFImage *img, int interl, int bits) /* make new entry in alphabet (only if NOT just cleared) */ if (lastcode != -1) { + // Normally, after the alphabet is full and can't grow any + // further (ab_free == 4096), encoder should (must?) emit CLEAR + // to reset it. This checks whether we really got it, otherwise + // the GIF is damaged. + if (ab_free > ab_max) + { + delete[] ab_prefix; + delete[] ab_tail; + delete[] stack; + return wxGIF_INVFORMAT; + } + + // This assert seems unnecessary since the condition above + // eliminates the only case in which it went false. But I really + // don't like being forced to ask "Who in .text could have + // written there?!" And I wouldn't have been forced to ask if + // this line had already been here. + wxASSERT(ab_free < allocSize); + ab_prefix[ab_free] = lastcode; ab_tail[ab_free] = code; ab_free++; @@ -675,8 +690,7 @@ int wxGIFDecoder::ReadGIF() m_screenw = buf[0] + 256 * buf[1]; m_screenh = buf[2] + 256 * buf[3]; - const int maxScreenSize = 4 << 10; - if ((m_screenw <= 0) || (m_screenw > maxScreenSize) || (m_screenh <= 0) || (m_screenh > maxScreenSize)) + if ((m_screenw == 0) || (m_screenh == 0)) { return wxGIF_INVFORMAT; } @@ -803,7 +817,7 @@ int wxGIFDecoder::ReadGIF() pimg->w = buf[4] + 256 * buf[5]; pimg->h = buf[6] + 256 * buf[7]; - if (pimg->w == 0 || pimg->h == 0) + if ((pimg->w == 0) || (pimg->w > m_screenw) || (pimg->h == 0) || (pimg->h > m_screenh)) { Destroy(); return wxGIF_INVFORMAT; @@ -915,12 +929,6 @@ int wxGIFDecoder::ReadGIF() if ((buf[8] & 0x80) == 0x80) { ncolors = 2 << (buf[8] & 0x07); - if (ncolors <= 0) - { - Destroy(); - return wxGIF_INVFORMAT; - } - wxFileOffset pos = m_f->TellI(); wxFileOffset numBytes = 3 * ncolors; m_f->SeekI(numBytes, wxFromCurrent);