report error for GIF images without CLEAR code in the stream instead of crashing...

author Vadim Zeitlin <vadim@wxwidgets.org>

Sun, 2 Apr 2006 01:21:53 +0000 (01:21 +0000)

committer Vadim Zeitlin <vadim@wxwidgets.org>

Sun, 2 Apr 2006 01:21:53 +0000 (01:21 +0000)
author Vadim Zeitlin <vadim@wxwidgets.org>
Sun, 2 Apr 2006 01:21:53 +0000 (01:21 +0000)
committer Vadim Zeitlin <vadim@wxwidgets.org>
Sun, 2 Apr 2006 01:21:53 +0000 (01:21 +0000)
diff --git a/src/common/gifdecod.cpp b/src/common/gifdecod.cpp

index 8fda5f8ae137b2588d566077a4547b08500aac49..9421dbd5be7828e32fd88c4cd15322c12dbcd447 100644 (file)
--- a/src/common/gifdecod.cpp
+++ b/src/common/gifdecod.cpp
@@ -467,6 +467,25 @@ int wxGIFDecoder::dgif(GIFImage *img, int interl, int bits)
          /* make new entry in alphabet (only if NOT just cleared) */
          if (lastcode != -1)
          {
+            // Normally, after the alphabet is full and can't grow any
+            // further (ab_free == 4096), encoder should (must?) emit CLEAR
+            // to reset it. This checks whether we really got it, otherwise
+            // the GIF is damaged.
+            if (ab_free > ab_max)
+            {
+                delete[] ab_prefix;
+                delete[] ab_tail;
+                delete[] stack;
+                return wxGIF_INVFORMAT;
+            }
+
+            // This assert seems unnecessary since the condition above
+            // eliminates the only case in which it went false. But I really
+            // don't like being forced to ask "Who in .text could have
+            // written there?!" And I wouldn't have been forced to ask if
+            // this line had already been here.
+            wxASSERT(ab_free < allocSize);
+
              ab_prefix[ab_free] = lastcode;
              ab_tail[ab_free]   = code;
              ab_free++;
author	Vadim Zeitlin <vadim@wxwidgets.org>
	Sun, 2 Apr 2006 01:21:53 +0000 (01:21 +0000)
committer	Vadim Zeitlin <vadim@wxwidgets.org>
	Sun, 2 Apr 2006 01:21:53 +0000 (01:21 +0000)