authorRyan Harrison <rharrison@chromium.org>2017-10-23 16:39:06 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-10-23 20:52:07 +0000
commitc9d0bcccbd4cc460bb3e26f767eea2d33a5b48b6 (patch)
tree030ffed6b938dd50b537993e27c69ae38f1b448d
parent25e763e99932a4d12cbd51b3c36411b44163c5d8 (diff)
Return error when attempting to load frame with 0 height
A frame with 0 height will have no data, so there is no point in attempting to load it. Additionally some of the loading code assumes a non-zero height implicitly. BUG=chromium:770470 Change-Id: I38b222b46b43ce5d47924526913285510be40603 Reviewed-on: https://pdfium-review.googlesource.com/16551 Reviewed-by: dsinclair <dsinclair@chromium.org> Commit-Queue: Ryan Harrison <rharrison@chromium.org>
-rw-r--r--core/fxcodec/gif/cfx_gifcontext.cpp3
1 files changed, 3 insertions, 0 deletions
diff --git a/core/fxcodec/gif/cfx_gifcontext.cpp b/core/fxcodec/gif/cfx_gifcontext.cpp
index ca2e7c3c88..fba7334c93 100644
--- a/core/fxcodec/gif/cfx_gifcontext.cpp
+++ b/core/fxcodec/gif/cfx_gifcontext.cpp
@@ -176,6 +176,9 @@ CFX_GifDecodeStatus CFX_GifContext::LoadFrame(int32_t frame_num) {
uint8_t* img_data = nullptr;
uint32_t skip_size_org = skip_size_;
CFX_GifImage* gif_image = images_[static_cast<size_t>(frame_num)].get();
+ if (gif_image->image_info.height == 0)
+ return CFX_GifDecodeStatus::Error;
+
uint32_t gif_img_row_bytes = gif_image->image_info.width;
if (gif_img_row_bytes == 0)
return CFX_GifDecodeStatus::Error;
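Review bot: The new `height == 0` guard carries no comment naming the assumption it protects, so a later refactor could move it below the first use of the height or drop it as redundant with the width check that follows. I would add a line above it such as `// Loading code below assumes a non-zero height; reject empty frames up front.`, or fold both dimension checks into one commented guard so they stay together. The diffstat shows only this file changed, so a regression test that feeds a GIF whose frame declares height 0 and expects `CFX_GifDecodeStatus::Error` would keep the fix pinned. `LoadFrame` starts and ends outside the hunk, so whether the height is also validated where the image descriptor is parsed cannot be judged from here.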