vcl/source/filter/igif/decode.cxx | 24 ++++++++++++++++++------
vcl/source/filter/igif/decode.hxx | 2 +-
2 files changed, 19 insertions(+), 7 deletions(-)
New commits:
commit 55fd7b2d236dc6dc09676b7dce60dc4e2e1786fc
Author: Caolán McNamara <caol...@redhat.com>
Date: Sun Aug 17 16:14:16 2014 +0100
check that AddToTable can be done validly
Change-Id: I0ee69279e3bb1d9871feba17b908b8307f0ec5b4
(cherry picked from commit 43b39d3e47ffd179071732c0a8fc201c31b2bb46)
Reviewed-on: https://gerrit.libreoffice.org/10949
Reviewed-by: David Tardon <dtar...@redhat.com>
Tested-by: David Tardon <dtar...@redhat.com>
diff --git a/vcl/source/filter/igif/decode.cxx
b/vcl/source/filter/igif/decode.cxx
index 85b417c..d50ac7c 100644
--- a/vcl/source/filter/igif/decode.cxx
+++ b/vcl/source/filter/igif/decode.cxx
@@ -47,12 +47,14 @@ GIFLZWDecompressor::GIFLZWDecompressor(sal_uInt8 cDataSize)
pTable = new GIFLZWTableEntry[ 4098 ];
- for( sal_uInt16 i = 0; i < nTableSize; i++ )
+ for (sal_uInt16 i = 0; i < nTableSize; ++i)
{
pTable[i].pPrev = NULL;
pTable[i].pFirst = pTable + i;
pTable[i].nData = (sal_uInt8) i;
}
+
+ memset(pTable + nTableSize, 0, sizeof(GIFLZWTableEntry) * (4098 -
nTableSize));
}
GIFLZWDecompressor::~GIFLZWDecompressor()
@@ -105,7 +107,7 @@ HPBYTE GIFLZWDecompressor::DecompressBlock( HPBYTE pSrc,
sal_uInt8 cBufSize,
return pTarget;
}
-void GIFLZWDecompressor::AddToTable( sal_uInt16 nPrevCode, sal_uInt16
nCodeFirstData )
+bool GIFLZWDecompressor::AddToTable( sal_uInt16 nPrevCode, sal_uInt16
nCodeFirstData )
{
GIFLZWTableEntry* pE;
@@ -114,12 +116,16 @@ void GIFLZWDecompressor::AddToTable( sal_uInt16
nPrevCode, sal_uInt16 nCodeFirst
pE = pTable + nTableSize;
pE->pPrev = pTable + nPrevCode;
pE->pFirst = pE->pPrev->pFirst;
- pE->nData = pTable[ nCodeFirstData ].pFirst->nData;
+ GIFLZWTableEntry *pEntry = pTable[nCodeFirstData].pFirst;
+ if (!pEntry)
+ return false;
+ pE->nData = pEntry->nData;
nTableSize++;
if ( ( nTableSize == (sal_uInt16) (1 << nCodeSize) ) && ( nTableSize <
4096 ) )
nCodeSize++;
}
+ return true;
}
bool GIFLZWDecompressor::ProcessOneCode()
@@ -151,17 +157,23 @@ bool GIFLZWDecompressor::ProcessOneCode()
if ( nCode < nClearCode )
{
+ bool bOk = true;
if ( nOldCode != 0xffff )
- AddToTable( nOldCode, nCode );
+ bOk = AddToTable(nOldCode, nCode);
+ if (!bOk)
+ return false;
}
else if ( ( nCode > nEOICode ) && ( nCode <= nTableSize ) )
{
if ( nOldCode != 0xffff )
{
+ bool bOk;
if ( nCode == nTableSize )
- AddToTable( nOldCode, nOldCode );
+ bOk = AddToTable( nOldCode, nOldCode );
else
- AddToTable( nOldCode, nCode );
+ bOk = AddToTable( nOldCode, nCode );
+ if (!bOk)
+ return false;
}
}
else
diff --git a/vcl/source/filter/igif/decode.hxx
b/vcl/source/filter/igif/decode.hxx
index 5425326..ee093bf 100644
--- a/vcl/source/filter/igif/decode.hxx
+++ b/vcl/source/filter/igif/decode.hxx
@@ -43,7 +43,7 @@ class GIFLZWDecompressor
sal_uInt8 nBlockBufSize;
sal_uInt8 nBlockBufPos;
- void AddToTable(sal_uInt16 nPrevCode, sal_uInt16
nCodeFirstData);
+ bool AddToTable(sal_uInt16 nPrevCode, sal_uInt16
nCodeFirstData);
bool ProcessOneCode();
public:
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
