From d7f24d5182df335aab8042e1f71f6e402c427e4b Mon Sep 17 00:00:00 2001 From: Ryan Harrison Date: Thu, 12 Apr 2018 18:04:24 +0000 Subject: Fail decode if continuing to get insufficient size error In the case that the low level LZW decoder has indicated insufficient destination size, if another call to decode returns this status after adjusting the destination size, consider it an error. Subsequent iterations will not return a larger destination size, since the expected row size doesn't change, so the code will just loop infinitely, trying to decode a too large row. BUG=pdfium:1059 Change-Id: I14c8cee721fa77d8aab5e99deff9406490f01468 Reviewed-on: https://pdfium-review.googlesource.com/30452 Reviewed-by: Tom Sepez Commit-Queue: Ryan Harrison
---
core/fxcodec/gif/cfx_gifcontext.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'core')
diff --git a/core/fxcodec/gif/cfx_gifcontext.cpp b/core/fxcodec/gif/cfx_gifcontext.cpp
index 3e09489f64..66e316b951 100644
--- a/core/fxcodec/gif/cfx_gifcontext.cpp
+++ b/core/fxcodec/gif/cfx_gifcontext.cpp
@@ -322,7 +322,8 @@ CFX_GifDecodeStatus CFX_GifContext::LoadFrame(int32_t frame_num) {
 &img_row_avail_size_)
 : CFX_GifDecodeStatus::Error;
 }
- if (ret == CFX_GifDecodeStatus::Error) {
+ if (ret == CFX_GifDecodeStatus::InsufficientDestSize ||
+ ret == CFX_GifDecodeStatus::Error) {
 DecodingFailureAtTailCleanup(gif_image);
 return CFX_GifDecodeStatus::Error;
 }
--
cgit v1.2.3
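Review bot: The widened condition `ret == CFX_GifDecodeStatus::InsufficientDestSize || ret == CFX_GifDecodeStatus::Error` has no comment saying why a status that the commit message describes as retried once is fatal at this point, so a later cleanup could narrow it back and reintroduce the endless loop on a malformed GIF. I would add above the `if`: `// A repeated InsufficientDestSize cannot make progress: the expected row size is fixed, so retrying would loop forever.` The diffstat lists only cfx_gifcontext.cpp, so no regression input for pdfium:1059 lands with the fix; a minimised GIF added to the unit-test or fuzz corpus would pin the termination behaviour. The retry path and the rest of LoadFrame lie outside the hunk, so the surrounding control flow is inferred from the commit message rather than from visible lines.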