stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

6804997: JWS GIF Decoding Heap Corruption [V-r687oxuocp]

Browse Source 
Reviewed-by: prr
This commit is contained in:
Andrew Brygin 2009-03-06 12:40:38 +03:00
parent d033b16582
commit 6c11535cdd
1 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
jdk/src/share/native/sun/awt/giflib/dgif_lib.c
View File

@ -722,6 +722,10 @@ DGifSetupDecompress(GifFileType * GifFile) {
GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private; GifFilePrivateType *Private = (GifFilePrivateType *)GifFile->Private;
READ(GifFile, &CodeSize, 1); /* Read Code size from file. */ READ(GifFile, &CodeSize, 1); /* Read Code size from file. */
if (CodeSize >= 12) {
/* Invalid initial code size: report failure */
return GIF_ERROR;
}
BitsPerPixel = CodeSize; BitsPerPixel = CodeSize;
Private->Buf[0] = 0; /* Input Buffer empty. */ Private->Buf[0] = 0; /* Input Buffer empty. */
@ -964,10 +968,13 @@ DGifDecompressInput(GifFileType * GifFile,
/* If code cannot fit into RunningBits bits, must raise its size. Note /* If code cannot fit into RunningBits bits, must raise its size. Note
* however that codes above 4095 are used for special signaling. */ * however that codes above 4095 are used for special signaling. */
if (++Private->RunningCode > Private->MaxCode1 && if (++Private->RunningCode > Private->MaxCode1) {
Private->RunningBits < LZ_BITS) { if (Private->RunningBits < LZ_BITS) {
Private->MaxCode1 <<= 1; Private->MaxCode1 <<= 1;
Private->RunningBits++; Private->RunningBits++;
} else {
Private->RunningCode = Private->MaxCode1;
}
} }
return GIF_OK; return GIF_OK;
} }