diff options
| author | Sebastian Rasmussen <sebras@gmail.com> | 2016-09-27 12:58:49 +0800 |
|---|---|---|
| committer | Sebastian Rasmussen <sebras@gmail.com> | 2016-09-27 20:04:03 +0800 |
| commit | 1bebb9feb7ffd62d8945790b2426d6cf09027d60 (patch) | |
| tree | b3c714847f055381210c8dba927cc284fc7a968d | |
| parent | 651c9f1d93c81c84deaf76debec0a30e54a67d7e (diff) | |
| download | mupdf-1bebb9feb7ffd62d8945790b2426d6cf09027d60.tar.xz | |
Bug 697162: gif: Color index must be inside color table.
| -rw-r--r-- | source/fitz/load-gif.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/source/fitz/load-gif.c b/source/fitz/load-gif.c index 6ebaa271..6f7a468d 100644 --- a/source/fitz/load-gif.c +++ b/source/fitz/load-gif.c @@ -202,7 +202,7 @@ gif_read_lct(fz_context *ctx, struct info *info, unsigned char *p, unsigned char } static void -gif_read_line(fz_context *ctx, struct info *info, unsigned char *dest, const unsigned char *ct, unsigned int y, unsigned char *sp) +gif_read_line(fz_context *ctx, struct info *info, unsigned char *dest, int ct_entries, const unsigned char *ct, unsigned int y, unsigned char *sp) { unsigned int index = (info->image_top + y) * info->width + info->image_left; unsigned char *dp = &dest[index * 4]; @@ -214,7 +214,7 @@ gif_read_line(fz_context *ctx, struct info *info, unsigned char *dest, const uns { *mp = 0x02; for (k = 0; k < 3; k++) - dp[k] = ct[*sp * 3 + k]; + dp[k] = ct[fz_clampi(*sp, 0, ct_entries - 1) * 3 + k]; dp[3] = 255; } else if (*mp == 0x01) @@ -229,6 +229,7 @@ gif_read_tbid(fz_context *ctx, struct info *info, unsigned char *dest, unsigned fz_buffer *compressed = NULL, *uncompressed = NULL; const unsigned char *ct; unsigned char *sp; + int ct_entries; if (end - p < 1) fz_throw(ctx, FZ_ERROR_GENERIC, "premature end in table based image data in gif image"); @@ -252,27 +253,36 @@ gif_read_tbid(fz_context *ctx, struct info *info, unsigned char *dest, unsigned fz_throw(ctx, FZ_ERROR_GENERIC, "premature end in compressed table based image data in gif image"); if (info->has_lct) + { ct = info->lct; + ct_entries = info->lct_entries; + } else if (info->has_gct) + { ct = info->gct; + ct_entries = info->gct_entries; + } else + { ct = dct; + ct_entries = 256; + } sp = uncompressed->data; if (info->image_interlaced) { for (y = 0; y < info->image_height; y += 8, sp += info->image_width) - gif_read_line(ctx, info, dest, ct, y, sp); + gif_read_line(ctx, info, dest, ct_entries, ct, y, sp); for (y = 4; y < info->image_height; y += 8, sp += info->image_width) - gif_read_line(ctx, info, dest, ct, y, sp); + gif_read_line(ctx, info, dest, ct_entries, ct, y, sp); for (y = 2; y < info->image_height; y += 4, sp += info->image_width) - gif_read_line(ctx, info, dest, ct, y, sp); + gif_read_line(ctx, info, dest, ct_entries, ct, y, sp); for (y = 1; y < info->image_height; y += 2, sp += info->image_width) - gif_read_line(ctx, info, dest, ct, y, sp); + gif_read_line(ctx, info, dest, ct_entries, ct, y, sp); } else for (y = 0; y < info->image_height; y++, sp += info->image_width) - gif_read_line(ctx, info, dest, ct, y, sp); + gif_read_line(ctx, info, dest, ct_entries, ct, y, sp); } fz_always(ctx) { |