diff options
author | Ryan Harrison <rharrison@chromium.org> | 2018-04-12 18:04:24 +0000 |
---|---|---|
committer | Chromium commit bot <commit-bot@chromium.org> | 2018-04-12 18:04:24 +0000 |
commit | d7f24d5182df335aab8042e1f71f6e402c427e4b (patch) | |
tree | 7e6c9efea97837d442153202a31200a3406a5749 /core/fxcodec/gif | |
parent | 6998bc502dd2798115024c48b95e6e9180b2b3ee (diff) | |
download | pdfium-d7f24d5182df335aab8042e1f71f6e402c427e4b.tar.xz |
Fail decode if continuing to get insufficient size error
In the case that the low level LZW decoder has indicated insufficient
destination size, if another call to decode returns this status after
adjusting the destination size, consider it an error. Subsequent
iterations will not return a larger destination size, since the
expected row size doesn't change, so the code will just loop
infinitely, trying to decode a too large row.
BUG=pdfium:1059
Change-Id: I14c8cee721fa77d8aab5e99deff9406490f01468
Reviewed-on: https://pdfium-review.googlesource.com/30452
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Diffstat (limited to 'core/fxcodec/gif')
-rw-r--r-- | core/fxcodec/gif/cfx_gifcontext.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/core/fxcodec/gif/cfx_gifcontext.cpp b/core/fxcodec/gif/cfx_gifcontext.cpp index 3e09489f64..66e316b951 100644 --- a/core/fxcodec/gif/cfx_gifcontext.cpp +++ b/core/fxcodec/gif/cfx_gifcontext.cpp @@ -322,7 +322,8 @@ CFX_GifDecodeStatus CFX_GifContext::LoadFrame(int32_t frame_num) { &img_row_avail_size_) : CFX_GifDecodeStatus::Error; } - if (ret == CFX_GifDecodeStatus::Error) { + if (ret == CFX_GifDecodeStatus::InsufficientDestSize || + ret == CFX_GifDecodeStatus::Error) { DecodingFailureAtTailCleanup(gif_image); return CFX_GifDecodeStatus::Error; } |