From 9be9c3486688b84c723f41c85327abec238f15f9 Mon Sep 17 00:00:00 2001
From: npm <npm@chromium.org>
Date: Thu, 1 Dec 2016 10:36:44 -0800
Subject: Improve early return in CGifLZWDecoder::Decode

|code_size_cur| could be larger than |code_size|, so |code| could be
larger than |code_end|. If this happens, early return, since the Decode
has failed.

BUG=659417

Review-Url: https://codereview.chromium.org/2542673004
---
 core/fxcodec/lgif/fx_gif.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/fxcodec/lgif/fx_gif.cpp b/core/fxcodec/lgif/fx_gif.cpp
index b996ba9796..b509c8ccfd 100644
--- a/core/fxcodec/lgif/fx_gif.cpp
+++ b/core/fxcodec/lgif/fx_gif.cpp
@@ -118,7 +118,7 @@ int32_t CGifLZWDecoder::Decode(uint8_t* des_buf, uint32_t& des_size) {
       if (code == code_clear) {
         ClearTable();
         continue;
-      } else if (code == code_end) {
+      } else if (code >= code_end) {
         des_size = i;
         return 1;
       } else {
-- 
cgit v1.2.3