Fixed a bug when loading some broken GIF files (the 'lzw_write_pixel' routine was called with pos < 0).

David Capello 2008-02-11 02:04:33 +00:00
parent a408d8917b
commit 7939776b94
2 changed files with 18 additions and 7 deletions


@ -1,3 +1,4 @@
#include <assert.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@ -65,6 +66,7 @@ read_palette (FILE * file, GIF_PALETTE *palette)
static int lzw_read_pixel (int pos, unsigned char *data) static int lzw_read_pixel (int pos, unsigned char *data)
{ {
unsigned char *bitmap = data; unsigned char *bitmap = data;
assert(pos >= 0);
return bitmap[pos]; return bitmap[pos];
} }
@ -73,6 +75,8 @@ static int lzw_read_pixel (int pos, unsigned char *data)
static void lzw_write_pixel (int pos, int c, unsigned char *data) static void lzw_write_pixel (int pos, int c, unsigned char *data)
{ {
unsigned char *bitmap = data; unsigned char *bitmap = data;
assert(pos >= 0);
assert(c >= 0 && c <= 255);
bitmap[pos] = c; bitmap[pos] = c;
} }
@ -272,6 +276,8 @@ load_object (FILE * file, long size, void (*progress) (void *, float), void *dp)
frame.yoff = fgetw (file); frame.yoff = fgetw (file);
w = fgetw (file); w = fgetw (file);
h = fgetw (file); h = fgetw (file);
if (w < 1 || h < 1)
goto error;
bmp = calloc (w, h); bmp = calloc (w, h);
if (!bmp) if (!bmp)
goto error; goto error;
@ -293,7 +299,8 @@ load_object (FILE * file, long size, void (*progress) (void *, float), void *dp)
if (i & 64) if (i & 64)
interlaced = 1; interlaced = 1;
if (LZW_decode (file, lzw_write_pixel, bmp)) if (ferror (file) ||
LZW_decode (file, lzw_write_pixel, bmp))
goto error; goto error;
if (interlaced) if (interlaced)
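Review bot: The `assert(pos >= 0);` and `assert(c >= 0 && c <= 255);` lines added to lzw_write_pixel, and the matching assert in lzw_read_pixel, are a weak guard for values that come from the file being loaded. An assert is compiled out when NDEBUG is defined and aborts the whole process otherwise, so a malformed GIF is either unchecked or fatal; whether release builds define NDEBUG is not visible here. Because the callbacks cannot report an error (lzw_write_pixel returns void), the validation belongs in the caller. The asserts are better kept as debug aids with a comment saying so, for example `/* debug-only: the decoder must validate pos before calling */`.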


@ -60,8 +60,8 @@ write_code (FILE * file, unsigned char *buf, int *bit_pos, int bit_size, int cod
int int
LZW_decode (FILE * file, LZW_decode (FILE * file,
void (*write_pixel)(int pos, int code, unsigned char *data), void (*write_pixel)(int pos, int code, unsigned char *data),
unsigned char *data) unsigned char *data)
{ {
unsigned char buf[256]; unsigned char buf[256];
int orig_bit_size; int orig_bit_size;
@ -98,12 +98,12 @@ LZW_decode (FILE * file,
/* Expect to read clear code as first code here. */ /* Expect to read clear code as first code here. */
prev = read_code (file, buf, &bit_pos, bit_size); prev = read_code (file, buf, &bit_pos, bit_size);
if (prev == -1) if (prev == -1 || ferror (file))
return -1; return -1;
do do
{ {
code = read_code (file, buf, &bit_pos, bit_size); code = read_code (file, buf, &bit_pos, bit_size);
if (code == -1) if (code == -1 || ferror (file))
return -1; return -1;
if (code == clear_marker) if (code == clear_marker)
{ {
@ -126,9 +126,13 @@ LZW_decode (FILE * file,
/* Output the code. */ /* Output the code. */
out_pos += codes[c].len; out_pos += codes[c].len;
i = 0; i = 0;
do do
{ {
if (out_pos - i < 0)
return -1;
write_pixel (out_pos - i, codes[c].c, data); write_pixel (out_pos - i, codes[c].c, data);
if (codes[c].len) if (codes[c].len)
c = codes[c].prefix; c = codes[c].prefix;
@ -171,7 +175,7 @@ LZW_decode (FILE * file,
static int static int
get_minimum_bitsize (int (*read_pixel)(int pos, unsigned char *data), get_minimum_bitsize (int (*read_pixel)(int pos, unsigned char *data),
int size, unsigned char *data) int size, unsigned char *data)
{ {
int i, max = 0, b = 2; int i, max = 0, b = 2;
for (i = 0; i < size; i++) for (i = 0; i < size; i++)
@ -189,7 +193,7 @@ get_minimum_bitsize (int (*read_pixel)(int pos, unsigned char *data),
void void
LZW_encode (FILE * file, int (*read_pixel)(int pos, unsigned char *data), LZW_encode (FILE * file, int (*read_pixel)(int pos, unsigned char *data),
int size, unsigned char *data) int size, unsigned char *data)
{ {
unsigned char buf[256]; unsigned char buf[256];
int orig_bit_size; int orig_bit_size;
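Review bot: The new `if (out_pos - i < 0) return -1;` check in the output loop of LZW_decode stops writes below the start of the buffer, but nothing in the visible hunks bounds the position from above. LZW_decode takes no size argument, and the loader allocates `calloc (w, h)` bytes without passing that size down. A stream that decodes to more pixels than w*h would then write past the end of the allocation through write_pixel. Consider carrying the buffer size into the decoder and rejecting both directions, e.g. `if (out_pos - i < 0 || out_pos - i >= size) return -1;`. The loop body continues outside the hunk, so a bound applied elsewhere cannot be ruled out from this view.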