vcl/source/filter/igif/decode.cxx | 26 ++++++++++++++++++--------
vcl/source/filter/igif/decode.hxx | 2 +-
2 files changed, 19 insertions(+), 9 deletions(-)
New commits:
commit feb51015416c5ccceff0d74f7d0305f87febe75b
Author: Caolán McNamara <caol...@redhat.com>
Date: Sun Aug 17 16:14:16 2014 +0100
check that AddToTable can be done validly
Change-Id: I0ee69279e3bb1d9871feba17b908b8307f0ec5b4
(cherry picked from commit 43b39d3e47ffd179071732c0a8fc201c31b2bb46)
Reviewed-on: https://gerrit.libreoffice.org/10950
Reviewed-by: David Tardon <dtar...@redhat.com>
Tested-by: David Tardon <dtar...@redhat.com>
diff --git a/vcl/source/filter/igif/decode.cxx
b/vcl/source/filter/igif/decode.cxx
index 5900b4c..1418c3a 100644
--- a/vcl/source/filter/igif/decode.cxx
+++ b/vcl/source/filter/igif/decode.cxx
@@ -49,12 +49,14 @@ GIFLZWDecompressor::GIFLZWDecompressor( sal_uInt8 cDataSize
) :
pTable = new GIFLZWTableEntry[ 4098 ];
- for( sal_uInt16 i = 0; i < nTableSize; i++ )
+ for (sal_uInt16 i = 0; i < nTableSize; ++i)
{
pTable[i].pPrev = NULL;
pTable[i].pFirst = pTable + i;
pTable[i].nData = (sal_uInt8) i;
}
+
+ memset(pTable + nTableSize, 0, sizeof(GIFLZWTableEntry) * (4098 -
nTableSize));
}
// ------------------------------------------------------------------------
@@ -111,9 +113,7 @@ HPBYTE GIFLZWDecompressor::DecompressBlock( HPBYTE pSrc,
sal_uInt8 cBufSize,
return pTarget;
}
-// ------------------------------------------------------------------------
-
-void GIFLZWDecompressor::AddToTable( sal_uInt16 nPrevCode, sal_uInt16
nCodeFirstData )
+bool GIFLZWDecompressor::AddToTable( sal_uInt16 nPrevCode, sal_uInt16
nCodeFirstData )
{
GIFLZWTableEntry* pE;
@@ -122,12 +122,16 @@ void GIFLZWDecompressor::AddToTable( sal_uInt16
nPrevCode, sal_uInt16 nCodeFirst
pE = pTable + nTableSize;
pE->pPrev = pTable + nPrevCode;
pE->pFirst = pE->pPrev->pFirst;
- pE->nData = pTable[ nCodeFirstData ].pFirst->nData;
+ GIFLZWTableEntry *pEntry = pTable[nCodeFirstData].pFirst;
+ if (!pEntry)
+ return false;
+ pE->nData = pEntry->nData;
nTableSize++;
if ( ( nTableSize == (sal_uInt16) (1 << nCodeSize) ) && ( nTableSize <
4096 ) )
nCodeSize++;
}
+ return true;
}
// ------------------------------------------------------------------------
@@ -161,17 +165,23 @@ bool GIFLZWDecompressor::ProcessOneCode()
if ( nCode < nClearCode )
{
+ bool bOk = true;
if ( nOldCode != 0xffff )
- AddToTable( nOldCode, nCode );
+ bOk = AddToTable(nOldCode, nCode);
+ if (!bOk)
+ return false;
}
else if ( ( nCode > nEOICode ) && ( nCode <= nTableSize ) )
{
if ( nOldCode != 0xffff )
{
+ bool bOk;
if ( nCode == nTableSize )
- AddToTable( nOldCode, nOldCode );
+ bOk = AddToTable( nOldCode, nOldCode );
else
- AddToTable( nOldCode, nCode );
+ bOk = AddToTable( nOldCode, nCode );
+ if (!bOk)
+ return false;
}
}
else
diff --git a/vcl/source/filter/igif/decode.hxx
b/vcl/source/filter/igif/decode.hxx
index 3e1a783..737a495 100644
--- a/vcl/source/filter/igif/decode.hxx
+++ b/vcl/source/filter/igif/decode.hxx
@@ -43,7 +43,7 @@ class GIFLZWDecompressor
sal_uInt8 nBlockBufSize;
sal_uInt8 nBlockBufPos;
- void AddToTable(sal_uInt16 nPrevCode, sal_uInt16
nCodeFirstData);
+ bool AddToTable(sal_uInt16 nPrevCode, sal_uInt16
nCodeFirstData);
bool ProcessOneCode();
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
