author | Sebastian Rasmussen <sebras@gmail.com> | 2016-10-15 14:58:24 +0800 |
---|---|---|
committer | Sebastian Rasmussen <sebras@gmail.com> | 2016-10-16 12:51:01 +0800 |
commit | 48338e8e0aa2ca1fc8eddaddc5e5bc258ee9bebb (patch) | |
tree | d682b8b2da9fe50500221b61a8a1c972e7e2f6e1 /source | |
parent | 179205713a1baa64b3e8415ae2ede17c9b4786d2 (diff) | |
download | mupdf-48338e8e0aa2ca1fc8eddaddc5e5bc258ee9bebb.tar.xz |
gif: Handle frames bigger than image correctly.
The existing fix for bug 697161 introduced in commit
651c9f1d93c81c84deaf76debec0a30e54a67d7e was broken
as frames would be constrained to the image size - 1.
Now we decompress all available data, not suggesting
an uncompressed size, but still checking the size after
the uncompression.
Diffstat (limited to 'source')
-rw-r--r-- | source/fitz/load-gif.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/source/fitz/load-gif.c b/source/fitz/load-gif.c index ea1a696a..ae937c89 100644 --- a/source/fitz/load-gif.c +++ b/source/fitz/load-gif.c @@ -185,8 +185,8 @@ gif_read_id(fz_context *ctx, struct info *info, unsigned char *p, unsigned char info->image_left = p[2] << 8 | p[1]; info->image_top = p[4] << 8 | p[3]; - info->image_width = fz_clampi(p[6] << 8 | p[5], 0, info->width - 1); - info->image_height = fz_clampi(p[8] << 8 | p[7], 0, info->height - 1); + info->image_width = p[6] << 8 | p[5]; + info->image_height = p[8] << 8 | p[7]; info->has_lct = (p[9] >> 7) & 0x1; info->image_interlaced = (p[9] >> 6) & 0x1; @@ -258,7 +258,7 @@ gif_read_tbid(fz_context *ctx, struct info *info, unsigned char *dest, unsigned stm = fz_open_buffer(ctx, compressed); lzwstm = fz_open_lzwd(ctx, stm, 0, mincodesize + 1, 1, 0); - uncompressed = fz_read_all(ctx, lzwstm, info->image_width * info->image_height); + uncompressed = fz_read_all(ctx, lzwstm, 0); if (uncompressed->len < info->image_width * info->image_height) fz_throw(ctx, FZ_ERROR_GENERIC, "premature end in compressed table based image data in gif image"); |
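Review bot: In the gif_read_id hunk, image_width and image_height are now taken straight from the file as 16-bit values, and nothing visible here relates them, or image_left and image_top, to info->width and info->height. Since the old clamp was the only bound in this function, please confirm that the code writing frame pixels into the destination clips against the canvas using image_left + image_width and image_top + image_height, and consider a short comment at these two assignments saying where that clipping happens so the next reader does not assume the values are already bounded.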
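Review bot: In the gif_read_tbid hunk, the length check `uncompressed->len < info->image_width * info->image_height` now multiplies two unclamped 16-bit values, and if those fields are plain int the product can exceed INT_MAX for large frame dimensions, making the comparison unreliable. Doing the multiplication in a wider unsigned type (or rejecting frames whose product overflows) would keep the check meaningful. Separately, with `fz_read_all(ctx, lzwstm, 0)` the decompressed size is limited only by the compressed data rather than by the frame dimensions, so it is worth stating in a comment whether reading more than image_width * image_height bytes is intended and acceptable.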