Commit 911d267d authored by Sven Neumann's avatar Sven Neumann Committed by Sven Neumann
Browse files

added a sanity check for bogus frame dimensions. Fixes bug #169113.

2005-03-03  Sven Neumann  <sven@gimp.org>

	* plug-ins/common/gifload.c (ReadImage): added a sanity check for
	bogus frame dimensions. Fixes bug #169113.
parent 6fa94dd8
2005-03-03 Sven Neumann <sven@gimp.org>
* plug-ins/common/gifload.c (ReadImage): added a sanity check for
bogus frame dimensions. Fixes bug #169113.
2005-03-03 Sven Neumann <sven@gimp.org>
* plug-ins/common/autocrop.c: allocate tile-cache size more
......
......@@ -408,6 +408,7 @@ load_image (const gchar *filename)
g_message ("Error reading local colormap");
return image_ID; /* will be -1 if failed on first image! */
}
image_ID = ReadImage (fd, filename, LM_to_uint (buf[4], buf[5]),
LM_to_uint (buf[6], buf[7]),
localColorMap, bitPixel,
......@@ -416,8 +417,7 @@ load_image (const gchar *filename)
(guint) LM_to_uint (buf[0], buf[1]),
(guint) LM_to_uint (buf[2], buf[3]),
GifScreen.Width,
GifScreen.Height
);
GifScreen.Height);
}
else
{
......@@ -429,8 +429,7 @@ load_image (const gchar *filename)
(guint) LM_to_uint (buf[0], buf[1]),
(guint) LM_to_uint (buf[2], buf[3]),
GifScreen.Width,
GifScreen.Height
);
GifScreen.Height);
}
#ifdef FACEHUGGERS
......@@ -806,7 +805,7 @@ ReadImage (FILE *fd,
guint screenwidth,
guint screenheight)
{
static gint32 image_ID;
static gint32 image_ID = -1;
static gint frame_number = 1;
gint32 layer_ID;
......@@ -823,7 +822,12 @@ ReadImage (FILE *fd,
gboolean alpha_frame = FALSE;
static int previous_disposal;
/* Guard against bogus frame size */
if (len < 1 || height < 1)
{
g_message ("Bogus frame dimensions");
return -1;
}
/*
** Initialize the Compression routines
......@@ -864,7 +868,8 @@ ReadImage (FILE *fd,
if (Gif89.delayTime < 0)
framename = g_strdup (_("Background"));
else
framename = g_strdup_printf (_("Background (%d%s)"), 10*Gif89.delayTime, "ms");
framename = g_strdup_printf (_("Background (%d%s)"),
10 * Gif89.delayTime, "ms");
previous_disposal = Gif89.disposal;
......@@ -914,7 +919,8 @@ ReadImage (FILE *fd,
if (Gif89.delayTime < 0)
framename = g_strdup_printf (_("Frame %d"), frame_number);
else
framename = g_strdup_printf (_("Frame %d (%d%s)"), frame_number, 10*Gif89.delayTime, "ms");
framename = g_strdup_printf (_("Frame %d (%d%s)"),
frame_number, 10 * Gif89.delayTime, "ms");
switch (previous_disposal)
{
......@@ -957,7 +963,8 @@ ReadImage (FILE *fd,
layer_ID = gimp_layer_new (image_ID, framename,
len, height,
promote_to_rgb ? GIMP_RGBA_IMAGE : GIMP_INDEXEDA_IMAGE,
promote_to_rgb ?
GIMP_RGBA_IMAGE : GIMP_INDEXEDA_IMAGE,
100, GIMP_NORMAL_MODE);
alpha_frame = TRUE;
g_free (framename);
......@@ -1071,6 +1078,7 @@ ReadImage (FILE *fd,
if ((cur_progress % 16) == 0)
gimp_progress_update ((double) cur_progress / (double) max_progress);
}
if (ypos >= height)
break;
}
......@@ -1079,8 +1087,10 @@ fini:
if (LZWReadByte (fd, FALSE, c) >= 0)
g_print ("GIF: too much input data, ignoring extra...\n");
gimp_pixel_rgn_init (&pixel_rgn, drawable, 0, 0, drawable->width, drawable->height, TRUE, FALSE);
gimp_pixel_rgn_set_rect (&pixel_rgn, dest, 0, 0, drawable->width, drawable->height);
gimp_pixel_rgn_init (&pixel_rgn, drawable,
0, 0, drawable->width, drawable->height, TRUE, FALSE);
gimp_pixel_rgn_set_rect (&pixel_rgn, dest,
0, 0, drawable->width, drawable->height);
g_free (dest);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment