From 8c806cf08ff928630142f769ca689f7c89bfd648 Mon Sep 17 00:00:00 2001
From: Ryan Harrison
Date: Tue, 26 Sep 2017 12:14:57 -0400
Subject: Confirm that a global palette has data before attempting to use it
Previous implementation assumed that if the local colour palette was not specified and the global palette had its size specified, then use the global. If the global palette is disable, it will not have data, but it may have a size. Technically the size is giberish in this case, but the value is allowed to be non-zero, so isn't a sufficient check.
BUG=chromium:768089
Change-Id: Iaec15fcd65f3983056df7d56d29118a516334cd9
Reviewed-on: https://pdfium-review.googlesource.com/14819
Reviewed-by: dsinclair
Commit-Queue: Ryan Harrison
---
 core/fxcodec/codec/fx_codec_progress.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/core/fxcodec/codec/fx_codec_progress.cpp b/core/fxcodec/codec/fx_codec_progress.cpp
index f10523cc39..0f2f56122b 100644
--- a/core/fxcodec/codec/fx_codec_progress.cpp
+++ b/core/fxcodec/codec/fx_codec_progress.cpp
@@ -625,6 +625,8 @@ bool CCodec_ProgressiveDecoder::GifInputRecordPositionBuf(
 if (pal_num != 0 && pal_ptr) {
 pPalette = (uint8_t*)pal_ptr;
 } else {
+ if (!m_pGifPalette)
+ return false;
 pal_num = m_GifPltNumber;
 pPalette = m_pGifPalette;
 }
@@ -1207,6 +1209,7 @@ bool CCodec_ProgressiveDecoder::DetectImageType(FXCODEC_IMAGE_TYPE imageType,
 while (readResult == GifDecodeStatus::Unfinished) {
 FXCODEC_STATUS error_status = FXCODEC_STATUS_ERR_FORMAT;
 if (!GifReadMoreData(pGifModule, error_status)) {
+ m_pGifContext = nullptr;
 m_status = error_status;
 return false;
 }
--
cgit v1.2.3
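Review bot: The new guard in the else branch of GifInputRecordPositionBuf validates only the pointer; `m_GifPltNumber` is still copied into `pal_num` unchecked, although the commit message says that value can be meaningless. If the count and the buffer are set independently elsewhere (not visible in this hunk), a non-null palette paired with a zero or stale count would still pass, so I would tighten the check to `if (!m_pGifPalette || m_GifPltNumber == 0) return false;`. Any later indexing into `pPalette` should also be bounded by `pal_num`. A one-line comment such as `// A disabled global palette may report a size but carries no data.` would record why the pointer, not the size, is the test. The function body starts before and continues after this hunk.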
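Review bot: The added `m_pGifContext = nullptr;` in the GifReadMoreData failure path of DetectImageType has no comment saying why the context must be dropped, and its effect depends on the member's type, which the hunk does not show. With an owning smart pointer the assignment releases the decoder state. With a raw pointer it would discard the only handle without releasing it. I would add `// Drop the half-initialised GIF context so later calls cannot reuse it.` above the assignment. It is also worth confirming that the other error exits of the GIF branch, which lie outside this hunk, clear the context the same way, so that no failure path leaves a stale context behind.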