From 3eea9c499977ffd9da64ca9ad0967706a5b26004 Mon Sep 17 00:00:00 2001
From: Peter Szabo
Date: Mon, 6 Aug 2018 18:44:02 +0200
Subject: [PATCH] backported some GifLib patches affecting https://github.com/pts/sam2p/issues/38
---
 cgif.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/cgif.c b/cgif.c
index 4ac6c94..001bc28 100644
--- a/cgif.c
+++ b/cgif.c
@@ -1368,6 +1368,12 @@ static int DGifDecompressInput(GifFilePrivateType *Private, int *Code)
 0x0fff
 };

+ /* The image can't contain more than LZ_BITS per code. */
+ if (Private->RunningBits > LZ_BITS) {
+ return GIF_ERROR;
+ }
+
+
 while (Private->CrntShiftState < Private->RunningBits) {
 /* Needs to get more bytes from input stream for next code: */
 if (DGifBufferedInput(Private->File, Private->Buf, &NextByte)
@@ -1383,9 +1389,12 @@ static int DGifDecompressInput(GifFilePrivateType *Private, int *Code)
 Private->CrntShiftDWord >>= Private->RunningBits;
 Private->CrntShiftState -= Private->RunningBits;

- /* If code cannt fit into RunningBits bits, must raise its size. Note */
- /* however that codes above 4095 are used for special signaling. */
- if (++Private->RunningCode > Private->MaxCode1 &&
+ /* If code cannt fit into RunningBits bits, must raise its size. Note */
+ /* however that codes above 4095 are used for special signaling. */
+ /* If we're using LZ_BITS bits already and we're at the max code, just */
+ /* keep using the table as it is, don't increment Private->RunningCode.*/
+ if (Private->RunningCode < LZ_MAX_CODE + 2 &&
+ ++Private->RunningCode > Private->MaxCode1 &&
 Private->RunningBits < LZ_BITS) {
 Private->MaxCode1 <<= 1;
 Private->RunningBits++;
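Review bot: In the first hunk, the new guard `if (Private->RunningBits > LZ_BITS)` at the top of DGifDecompressInput returns GIF_ERROR without recording a reason, and its comment does not say what the bound protects. The table ending in `0x0fff` just above is presumably indexed by RunningBits further down, outside the hunk, so a comment such as `/* RunningBits indexes the mask table above; a value over LZ_BITS would read past its end. */` would tell the next reader why the check must stay. RunningBits most likely originates from the code-size byte in the image data, so rejecting an oversized value once where the decoder state is set up would be sturdier than catching it on every code; that code is not visible here. The hunk also adds two consecutive blank lines where one would do.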
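Review bot: In the second hunk, the cap `Private->RunningCode < LZ_MAX_CODE + 2` carries an unexplained `+ 2`, and the pre-increment of RunningCode is now a side effect in the middle of a short-circuit `&&` chain. The added comment says the counter stops growing at the maximum code but not why the limit sits two above LZ_MAX_CODE. Presumably code elsewhere in the file indexes a table at an offset from RunningCode; that should be confirmed and stated, for example `/* capped at LZ_MAX_CODE + 2 so table indices derived from RunningCode stay in range */`. Moving the increment into its own statement under the cap check, with the `MaxCode1`/`RunningBits` test as a nested `if`, would make the evaluation order explicit. The body of the `if` continues past the end of the hunk, and the carried-over comment still spells "cannt".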