X-Git-Url: https://git.saurik.com/wxWidgets.git/blobdiff_plain/65c36a73c679b66d02e5489e26ec53b89bc78fad..77a1771911ed222ba6861ead327c3735fc16a0b1:/src/common/gifdecod.cpp?ds=inline diff --git a/src/common/gifdecod.cpp b/src/common/gifdecod.cpp index db32b8fa25..4b3e6ddc87 100644 --- a/src/common/gifdecod.cpp +++ b/src/common/gifdecod.cpp @@ -1,5 +1,5 @@ ///////////////////////////////////////////////////////////////////////////// -// Name: gifdecod.cpp +// Name: src/common/gifdecod.cpp // Purpose: wxGIFDecoder, GIF reader for wxImage and wxAnimation // Author: Guillermo Rodriguez Garcia // Version: 3.04 @@ -8,23 +8,19 @@ // Licence: wxWindows licence ///////////////////////////////////////////////////////////////////////////// -#ifdef __GNUG__ -#pragma implementation "gifdecod.h" -#endif - // For compilers that support precompilation, includes "wx.h". #include "wx/wxprec.h" #ifdef __BORLANDC__ -# pragma hdrstop + #pragma hdrstop #endif +#if wxUSE_STREAMS && wxUSE_GIF + #ifndef WX_PRECOMP -# include "wx/defs.h" + #include "wx/palette.h" #endif -#if wxUSE_STREAMS && wxUSE_GIF - #include #include #include "wx/gifdecod.h" @@ -115,7 +111,7 @@ bool wxGIFDecoder::ConvertToImage(wxImage *image) const image->Create(GetWidth(), GetHeight()); if (!image->Ok()) - return FALSE; + return false; pal = GetPalette(); src = GetData(); @@ -142,24 +138,21 @@ bool wxGIFDecoder::ConvertToImage(wxImage *image) const image->SetMaskColour(255, 0, 255); } else - image->SetMask(FALSE); + image->SetMask(false); #if wxUSE_PALETTE - if (pal) - { - unsigned char r[256]; - unsigned char g[256]; - unsigned char b[256]; - - for (i = 0; i < 256; i++) - { - r[i] = pal[3*i + 0]; - g[i] = pal[3*i + 1]; - b[i] = pal[3*i + 2]; - } + unsigned char r[256]; + unsigned char g[256]; + unsigned char b[256]; - image->SetPalette(wxPalette(256, r, g, b)); + for (i = 0; i < 256; i++) + { + r[i] = pal[3*i + 0]; + g[i] = pal[3*i + 1]; + b[i] = pal[3*i + 2]; } + + image->SetPalette(wxPalette(256, r, g, b)); #endif // wxUSE_PALETTE /* copy image data */ @@ -170,7 +163,7 @@ bool wxGIFDecoder::ConvertToImage(wxImage *image) const *(dst++) = pal[3 * (*src) + 2]; } - return TRUE; + return true; } @@ -207,27 +200,27 @@ bool wxGIFDecoder::IsAnimation() const { return (m_nimages > 1); } bool wxGIFDecoder::GoFirstFrame() { if (!IsAnimation()) - return FALSE; + return false; m_image = 1; m_pimage = m_pfirst; - return TRUE; + return true; } bool wxGIFDecoder::GoLastFrame() { if (!IsAnimation()) - return FALSE; + return false; m_image = m_nimages; m_pimage = m_plast; - return TRUE; + return true; } bool wxGIFDecoder::GoNextFrame(bool cyclic) { if (!IsAnimation()) - return FALSE; + return false; if ((m_image < m_nimages) || (cyclic)) { @@ -240,16 +233,16 @@ bool wxGIFDecoder::GoNextFrame(bool cyclic) m_pimage = m_pfirst; } - return TRUE; + return true; } else - return FALSE; + return false; } bool wxGIFDecoder::GoPrevFrame(bool cyclic) { if (!IsAnimation()) - return FALSE; + return false; if ((m_image > 1) || (cyclic)) { @@ -262,30 +255,32 @@ bool wxGIFDecoder::GoPrevFrame(bool cyclic) m_pimage = m_plast; } - return TRUE; + return true; } else - return FALSE; + return false; } bool wxGIFDecoder::GoFrame(int which) { - int i; - if (!IsAnimation()) - return FALSE; + return false; if ((which >= 1) && (which <= m_nimages)) { + m_image = 1; m_pimage = m_pfirst; - for (i = 1; i < which; i++) + while (m_image < which) + { + m_image++; m_pimage = m_pimage->next; + } - return TRUE; + return true; } else - return FALSE; + return false; } @@ -456,12 +451,40 @@ int wxGIFDecoder::dgif(GIFImage *img, int interl, int bits) return wxGIF_INVFORMAT; } } + + if (pos >= allocSize) + { + delete[] ab_prefix; + delete[] ab_tail; + delete[] stack; + return wxGIF_INVFORMAT; + } + stack[pos] = code; /* push last code into the stack */ abcabca = code; /* save for special case */ /* make new entry in alphabet (only if NOT just cleared) */ if (lastcode != -1) { + // Normally, after the alphabet is full and can't grow any + // further (ab_free == 4096), encoder should (must?) emit CLEAR + // to reset it. This checks whether we really got it, otherwise + // the GIF is damaged. + if (ab_free > ab_max) + { + delete[] ab_prefix; + delete[] ab_tail; + delete[] stack; + return wxGIF_INVFORMAT; + } + + // This assert seems unnecessary since the condition above + // eliminates the only case in which it went false. But I really + // don't like being forced to ask "Who in .text could have + // written there?!" And I wouldn't have been forced to ask if + // this line had already been here. + wxASSERT(ab_free < allocSize); + ab_prefix[ab_free] = lastcode; ab_tail[ab_free] = code; ab_free++; @@ -473,18 +496,11 @@ int wxGIFDecoder::dgif(GIFImage *img, int interl, int bits) } } - /* dump stack data to the buffer */ + /* dump stack data to the image buffer */ while (pos >= 0) { - if (pos >= allocSize) - { - delete[] ab_prefix; - delete[] ab_tail; - delete[] stack; - return wxGIF_INVFORMAT; - } - - (img->p)[x + (y * (img->w))] = (char)stack[pos--]; + (img->p)[x + (y * (img->w))] = (char) stack[pos]; + pos--; if (++x >= (img->w)) { @@ -500,13 +516,50 @@ int wxGIFDecoder::dgif(GIFImage *img, int interl, int bits) case 3: y += 4; break; case 4: y += 2; break; } - if (y >= (img->h)) + + /* loop until a valid y coordinate has been + found, Or if the maximum number of passes has + been reached, exit the loop, and stop image + decoding (At this point the image is successfully + decoded). + If we don't loop, but merely set y to some other + value, that new value might still be invalid depending + on the height of the image. This would cause out of + bounds writing. + */ + while (y >= (img->h)) { switch (++pass) { case 2: y = 4; break; case 3: y = 2; break; case 4: y = 1; break; + + default: + /* + It's possible we arrive here. For example this + happens when the image is interlaced, and the + height is 1. Looking at the above cases, the + lowest possible y is 1. While the only valid + one would be 0 for an image of height 1. So + 'eventually' the loop will arrive here. + This case makes sure this while loop is + exited, as well as the 2 other ones. + */ + + // Set y to a valid coordinate so the local + // while loop will be exited. (y = 0 always + // is >= img->h since if img->h == 0 the + // image is never decoded) + y = 0; + + // This will exit the other outer while loop + pos = -1; + + // This will halt image decoding. + code = ab_fin; + + break; } } } @@ -572,16 +625,18 @@ as an End of Information itself) // CanRead: -// Returns TRUE if the file looks like a valid GIF, FALSE otherwise. +// Returns true if the file looks like a valid GIF, false otherwise. // bool wxGIFDecoder::CanRead() { unsigned char buf[3]; - m_f->Read(buf, 3); - m_f->SeekI(-3, wxFromCurrent); + if ( !m_f->Read(buf, WXSIZEOF(buf)) ) + return false; - return (memcmp(buf, "GIF", 3) == 0); + m_f->SeekI(-(wxFileOffset)WXSIZEOF(buf), wxFromCurrent); + + return memcmp(buf, "GIF", WXSIZEOF(buf)) == 0; } @@ -621,7 +676,7 @@ int wxGIFDecoder::ReadGIF() if (memcmp(buf + 3, "89a", 3) < 0) { - m_anim = FALSE; + m_anim = false; } /* read logical screen descriptor block (LSDB) */ @@ -635,6 +690,11 @@ int wxGIFDecoder::ReadGIF() m_screenw = buf[0] + 256 * buf[1]; m_screenh = buf[2] + 256 * buf[3]; + if ((m_screenw == 0) || (m_screenh == 0)) + { + return wxGIF_INVFORMAT; + } + /* load global color map if available */ if ((buf[4] & 0x80) == 0x80) { @@ -659,9 +719,9 @@ int wxGIFDecoder::ReadGIF() pprev = NULL; pimg = NULL; - bool done = FALSE; + bool done = false; - while(!done) + while (!done) { type = (unsigned char)m_f->GetC(); @@ -685,7 +745,7 @@ int wxGIFDecoder::ReadGIF() /* end of data? */ if (type == 0x3B) { - done = TRUE; + done = true; } else /* extension block? */ @@ -710,7 +770,7 @@ int wxGIFDecoder::ReadGIF() transparent = buf[4]; /* read disposal method */ - disposal = (buf[1] & 0x1C) - 1; + disposal = ((buf[1] & 0x1C) >> 2) - 1; } else /* other extension, skip */ @@ -720,7 +780,7 @@ int wxGIFDecoder::ReadGIF() m_f->SeekI(i, wxFromCurrent); if (m_f->Eof()) { - done = TRUE; + done = true; break; } } @@ -757,7 +817,7 @@ int wxGIFDecoder::ReadGIF() pimg->w = buf[4] + 256 * buf[5]; pimg->h = buf[6] + 256 * buf[7]; - if (pimg->w == 0 || pimg->h == 0) + if ((pimg->w == 0) || (pimg->w > m_screenw) || (pimg->h == 0) || (pimg->h > m_screenh)) { Destroy(); return wxGIF_INVFORMAT; @@ -803,6 +863,11 @@ int wxGIFDecoder::ReadGIF() /* get initial code size from first byte in raster data */ bits = (unsigned char)m_f->GetC(); + if (bits == 0) + { + Destroy(); + return wxGIF_INVFORMAT; + } /* decode image */ int result = dgif(pimg, interl, bits); @@ -815,11 +880,11 @@ int wxGIFDecoder::ReadGIF() /* if this is not an animated GIF, exit after first image */ if (!m_anim) - done = TRUE; + done = true; } } - if (m_nimages == 0) + if (m_nimages <= 0) { Destroy(); return wxGIF_INVFORMAT; @@ -864,8 +929,8 @@ int wxGIFDecoder::ReadGIF() if ((buf[8] & 0x80) == 0x80) { ncolors = 2 << (buf[8] & 0x07); - off_t pos = m_f->TellI(); - off_t numBytes = 3 * ncolors; + wxFileOffset pos = m_f->TellI(); + wxFileOffset numBytes = 3 * ncolors; m_f->SeekI(numBytes, wxFromCurrent); if (m_f->TellI() != (pos + numBytes)) {