authorRyan Harrison <rharrison@chromium.org>2017-09-22 10:53:34 -0400
committerChromium commit bot <commit-bot@chromium.org>2017-09-22 15:03:06 +0000
commit73bed4ef57444a2ea066d532a8a82b230fd206d9 (patch)
tree05b9a588ea3daa1e4ef997d47c9d9a0d200019ff /core/fxcodec/codec/ccodec_gifmodule.cpp
parent0150a5455829ede62017bc24ed9c4bcdc1cafef2 (diff)
Fix crash when rendering invalid GIF
The core fix in this CL is a change to how LZW decompression works, so that when the min code table size and the color palette size are different, color codes after the end of the defined color palette are considered errors. This CL also introduces a bunch of tweaks to the call return path, since there were multiple locations where the GIF decode failing status was being dropped on the floor, so the end widget would have a bitmap with the default colour in it, instead of nothing. BUG=chromium:616671 Change-Id: Id6f40d552dc24650c91e9903f710ff2fa63bc774 Reviewed-on: https://pdfium-review.googlesource.com/14630 Commit-Queue: Ryan Harrison <rharrison@chromium.org> Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxcodec/codec/ccodec_gifmodule.cpp')
-rw-r--r--core/fxcodec/codec/ccodec_gifmodule.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fxcodec/codec/ccodec_gifmodule.cpp b/core/fxcodec/codec/ccodec_gifmodule.cpp
index f7e3546a8f..911323c3a1 100644
--- a/core/fxcodec/codec/ccodec_gifmodule.cpp
+++ b/core/fxcodec/codec/ccodec_gifmodule.cpp
@@ -36,7 +36,7 @@ GifDecodeStatus CCodec_GifModule::ReadHeader(Context* pContext,
*width = context->width;
*height = context->height;
- *pal_num = context->global_pal_num;
+ *pal_num = (2 << context->global_pal_exp);
*pal_pp = context->m_GlobalPalette.empty() ? nullptr
: context->m_GlobalPalette.data();
*bg_index = context->bc_index;
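Review bot: On the added line `*pal_num = (2 << context->global_pal_exp);` the count is computed from the exponent unconditionally, while the next statement still returns `*pal_pp = nullptr` when `m_GlobalPalette` is empty, so a caller can receive a non-zero palette count (at least 2) together with a null palette pointer. Any caller that walks `pal_num` entries from `pal_pp` without a null check would dereference null on a GIF that has no global colour table; the callers are not visible in this hunk, so that needs confirming. Keeping the two outputs consistent here would be safer, e.g. `*pal_num = context->m_GlobalPalette.empty() ? 0 : (2 << context->global_pal_exp);`, with a short comment such as `// GIF stores the table size as an exponent: entries = 2^(exp + 1)`. ReadHeader's body begins and ends outside the hunk.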