From 1819a5c1acd9cc3ac496eb13844dd25122a1533c Mon Sep 17 00:00:00 2001
From: Vadim Zeitlin <vadim@wxwidgets.org>
Date: Sun, 2 Apr 2006 01:21:53 +0000
Subject: [PATCH] report error for GIF images without CLEAR code in the stream
 instead of crashing (patch 1449734)

git-svn-id: https://svn.wxwidgets.org/svn/wx/wxWidgets/trunk@38512 c3d73ce0-8a6f-49c7-b76d-6d57e0e08775
---
 src/common/gifdecod.cpp | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/common/gifdecod.cpp b/src/common/gifdecod.cpp
index 8fda5f8ae1..9421dbd5be 100644
--- a/src/common/gifdecod.cpp
+++ b/src/common/gifdecod.cpp
@@ -467,6 +467,25 @@ int wxGIFDecoder::dgif(GIFImage *img, int interl, int bits)
         /* make new entry in alphabet (only if NOT just cleared) */
         if (lastcode != -1)
         {
+            // Normally, after the alphabet is full and can't grow any
+            // further (ab_free == 4096), encoder should (must?) emit CLEAR
+            // to reset it. This checks whether we really got it, otherwise
+            // the GIF is damaged.
+            if (ab_free > ab_max)
+            {
+                delete[] ab_prefix;
+                delete[] ab_tail;
+                delete[] stack;
+                return wxGIF_INVFORMAT;
+            }
+
+            // This assert seems unnecessary since the condition above
+            // eliminates the only case in which it went false. But I really
+            // don't like being forced to ask "Who in .text could have
+            // written there?!" And I wouldn't have been forced to ask if
+            // this line had already been here.
+            wxASSERT(ab_free < allocSize);
+
             ab_prefix[ab_free] = lastcode;
             ab_tail[ab_free]   = code;
             ab_free++;
-- 
2.47.2