From: Vadim Zeitlin <vadim@wxwidgets.org>
Date: Sun, 2 Apr 2006 01:21:53 +0000 (+0000)
Subject: report error for GIF images without CLEAR code in the stream instead of crashing... 
X-Git-Url: https://git.saurik.com/wxWidgets.git/commitdiff_plain/1819a5c1acd9cc3ac496eb13844dd25122a1533c

report error for GIF images without CLEAR code in the stream instead of crashing (patch 1449734)


git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@38512 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775
---

diff --git a/src/common/gifdecod.cpp b/src/common/gifdecod.cpp
index 8fda5f8ae1..9421dbd5be 100644
--- a/src/common/gifdecod.cpp
+++ b/src/common/gifdecod.cpp
@@ -467,6 +467,25 @@ int wxGIFDecoder::dgif(GIFImage *img, int interl, int bits)
         /* make new entry in alphabet (only if NOT just cleared) */
         if (lastcode != -1)
         {
+            // Normally, after the alphabet is full and can't grow any
+            // further (ab_free == 4096), encoder should (must?) emit CLEAR
+            // to reset it. This checks whether we really got it, otherwise
+            // the GIF is damaged.
+            if (ab_free > ab_max)
+            {
+                delete[] ab_prefix;
+                delete[] ab_tail;
+                delete[] stack;
+                return wxGIF_INVFORMAT;
+            }
+
+            // This assert seems unnecessary since the condition above
+            // eliminates the only case in which it went false. But I really
+            // don't like being forced to ask "Who in .text could have
+            // written there?!" And I wouldn't have been forced to ask if
+            // this line had already been here.
+            wxASSERT(ab_free < allocSize);
+
             ab_prefix[ab_free] = lastcode;
             ab_tail[ab_free]   = code;
             ab_free++;