diff options
| author | Ryan Harrison <rharrison@chromium.org> | 2017-10-04 14:44:21 -0400 |
|---|---|---|
| committer | Chromium commit bot <commit-bot@chromium.org> | 2017-10-05 17:43:45 +0000 |
| commit | a3742637f501306f0ec3ffec73dbda8f22790863 (patch) | |
| tree | 4ca6ba57958fb9813d0949cd1bb12c633572f692 /core/fxcodec/gif/cfx_gifcontext.cpp | |
| parent | 921fe6bfde3b4cf3da4b55fab77103af3a65cab4 (diff) | |
| download | pdfium-a3742637f501306f0ec3ffec73dbda8f22790863.tar.xz | |
Make GIF decoder more standards complaint
Fixed issue with unit tests that was causing raw data to be backwards
and reverted related LSB -> MSB change that was introduced due to
this.
If global palette not set then the background colour index should be
0.
Check that background colour index is valid when global palette
exists.
Check if transparency index is valid for the palette of the frame it
is being applied to.
BUG=chromium:770337
Change-Id: I5d9b648f45bbb4c93218664a7035e4d01dbeb627
Reviewed-on: https://pdfium-review.googlesource.com/15453
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Reviewed-by: dsinclair <dsinclair@chromium.org>
Diffstat (limited to 'core/fxcodec/gif/cfx_gifcontext.cpp')
| -rw-r--r-- | core/fxcodec/gif/cfx_gifcontext.cpp | 31 |
1 files changed, 23 insertions, 8 deletions
diff --git a/core/fxcodec/gif/cfx_gifcontext.cpp b/core/fxcodec/gif/cfx_gifcontext.cpp index 28bcad9ceb..ca2e7c3c88 100644 --- a/core/fxcodec/gif/cfx_gifcontext.cpp +++ b/core/fxcodec/gif/cfx_gifcontext.cpp @@ -390,9 +390,14 @@ CFX_GifDecodeStatus CFX_GifContext::ReadLogicalScreenDescriptor() { } if (lsd->global_flags.global_pal) { - uint32_t global_pal_size = unsigned(2 << lsd->global_flags.pal_bits) * 3u; - uint8_t* global_pal = nullptr; - if (!ReadData(&global_pal, global_pal_size)) { + uint32_t palette_count = unsigned(2 << lsd->global_flags.pal_bits); + if (lsd->bc_index >= palette_count) + return CFX_GifDecodeStatus::Error; + bc_index_ = lsd->bc_index; + + uint32_t palette_size = palette_count * 3u; + uint8_t* palette = nullptr; + if (!ReadData(&palette, palette_size)) { skip_size_ = skip_size_org; return CFX_GifDecodeStatus::Unfinished; } @@ -400,15 +405,15 @@ CFX_GifDecodeStatus CFX_GifContext::ReadLogicalScreenDescriptor() { global_pal_exp_ = lsd->global_flags.pal_bits; global_sort_flag_ = lsd->global_flags.sort_flag; global_color_resolution_ = lsd->global_flags.color_resolution; - global_palette_.resize(global_pal_size / 3); - memcpy(global_palette_.data(), global_pal, global_pal_size); + global_palette_.resize(palette_count); + memcpy(global_palette_.data(), palette, palette_size); } width_ = static_cast<int>( - FXWORD_GET_MSBFIRST(reinterpret_cast<uint8_t*>(&lsd->width))); + FXWORD_GET_LSBFIRST(reinterpret_cast<uint8_t*>(&lsd->width))); height_ = static_cast<int>( - FXWORD_GET_MSBFIRST(reinterpret_cast<uint8_t*>(&lsd->height))); - bc_index_ = lsd->bc_index; + FXWORD_GET_LSBFIRST(reinterpret_cast<uint8_t*>(&lsd->height))); + pixel_aspect_ = lsd->pixel_aspect; return CFX_GifDecodeStatus::Success; } @@ -544,9 +549,19 @@ CFX_GifDecodeStatus CFX_GifContext::DecodeImageInfo() { gif_image->data_pos += skip_size_; gif_image->image_GCE = nullptr; if (graphic_control_extension_.get()) { + if (graphic_control_extension_->gce_flags.transparency) { + // Need to test that the color that is going to be transparent is actually + // in the palette being used. + if (graphic_control_extension_->trans_index >= + 2 << (gif_image->local_palettes.empty() + ? global_pal_exp_ + : gif_image->local_pallette_exp)) + return CFX_GifDecodeStatus::Error; + } gif_image->image_GCE = std::move(graphic_control_extension_); graphic_control_extension_ = nullptr; } + images_.push_back(std::move(gif_image)); SaveDecodingStatus(GIF_D_STATUS_IMG_DATA); return CFX_GifDecodeStatus::Success; |