Gif: Detect string decoding errors

This CL adds some checks to make sure the DecodeString method does not go out out control: If code is equal to code_table[code].prefix, it will try to loop forever. Even if that's not the case, avoid reading a negative position from the stack. Bug: chromium:722672 Change-Id: I638f91542ba21f3a9915198fef853cc3cf94f4f1 Reviewed-on: https://pdfium-review.googlesource.com/5513 Reviewed-by: Tom Sepez <tsepez@chromium.org> Commit-Queue: Nicolás Peña <npm@chromium.org>
author: Nicolas Pena <npm@chromium.org> 2017-05-16 18:30:24 -0400
committer: Chromium commit bot <commit-bot@chromium.org> 2017-05-17 00:56:02 +0000
commit: 7876609b3540137663d48282ad94ba42a3749e73 (patch)
tree: 81c594651cb6a048ee61699a876dd12d5e471082 /core/fxcodec/lgif/fx_gif.h
parent: b332581e185760597e8f0160011b1e6094634ed8 (diff)
download: pdfium-7876609b3540137663d48282ad94ba42a3749e73.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/core/fxcodec/lgif/fx_gif.h b/core/fxcodec/lgif/fx_gif.h
index 5df1f817ef..d7cd5d83fb 100644
--- a/core/fxcodec/lgif/fx_gif.h
+++ b/core/fxcodec/lgif/fx_gif.h
@@ -142,7 +142,7 @@ class CGifLZWDecoder {
  private:
   void ClearTable();
   void AddCode(uint16_t prefix_code, uint8_t append_char);
-  void DecodeString(uint16_t code);
+  bool DecodeString(uint16_t code);
 
   uint8_t code_size;
   uint8_t code_size_cur;
author	Nicolas Pena <npm@chromium.org>	2017-05-16 18:30:24 -0400
committer	Chromium commit bot <commit-bot@chromium.org>	2017-05-17 00:56:02 +0000
commit	7876609b3540137663d48282ad94ba42a3749e73 (patch)
tree	81c594651cb6a048ee61699a876dd12d5e471082 /core/fxcodec/lgif/fx_gif.h
parent	b332581e185760597e8f0160011b1e6094634ed8 (diff)
download	pdfium-7876609b3540137663d48282ad94ba42a3749e73.tar.xz