From c9d0bcccbd4cc460bb3e26f767eea2d33a5b48b6 Mon Sep 17 00:00:00 2001
From: Ryan Harrison <rharrison@chromium.org>
Date: Mon, 23 Oct 2017 16:39:06 -0400
Subject: Return error when attempting to load frame with 0 height

A frame with 0 height will have no data, so there is not point in
attempting to load it. Additionally some of the loading code assumes a
non-zero height implicitly.

BUG=chromium:770470

Change-Id: I38b222b46b43ce5d47924526913285510be40603
Reviewed-on: https://pdfium-review.googlesource.com/16551
Reviewed-by: dsinclair <dsinclair@chromium.org>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
---
 core/fxcodec/gif/cfx_gifcontext.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/core/fxcodec/gif/cfx_gifcontext.cpp b/core/fxcodec/gif/cfx_gifcontext.cpp
index ca2e7c3c88..fba7334c93 100644
--- a/core/fxcodec/gif/cfx_gifcontext.cpp
+++ b/core/fxcodec/gif/cfx_gifcontext.cpp
@@ -176,6 +176,9 @@ CFX_GifDecodeStatus CFX_GifContext::LoadFrame(int32_t frame_num) {
   uint8_t* img_data = nullptr;
   uint32_t skip_size_org = skip_size_;
   CFX_GifImage* gif_image = images_[static_cast<size_t>(frame_num)].get();
+  if (gif_image->image_info.height == 0)
+    return CFX_GifDecodeStatus::Error;
+
   uint32_t gif_img_row_bytes = gif_image->image_info.width;
   if (gif_img_row_bytes == 0)
     return CFX_GifDecodeStatus::Error;
-- 
cgit v1.2.3