|
|
Stumbled upon a crash when trying load a GIF that was optimized by a tool.
The problem is with the LZW decompression, when the code table overflows.
A minor patch solves the issue:
diff --git a/src/Fl_GIF_Image.cxx b/src/Fl_GIF_Image.cxx
index d747ac480..8d58839df 100644
--- a/src/Fl_GIF_Image.cxx
+++ b/src/Fl_GIF_Image.cxx
@@ -363,15 +363,16 @@ void Fl_GIF_Image::load_gif_(Fl_Image_Reader &rdr)
} while (tp > OutCode);
if (OldCode != ClearCode) {
- Prefix[FreeCode] = (short)OldCode;
- Suffix[FreeCode] = FinChar;
+ if (FreeCode < 4096) {
+ Prefix[FreeCode] = (short)OldCode;
+ Suffix[FreeCode] = FinChar;
+ }
FreeCode++;
if (FreeCode > ReadMask) {
if (CodeSize < 12) {
CodeSize++;
ReadMask = (1 << CodeSize) - 1;
}
- else FreeCode--;
}
}
OldCode = CurCode;
The GIF doc says the application should continue to read 12 Bit Codes, but not store them. As it is now, the last code in the table gets overwritten, because FreeCode is decremented.
Here is my test gif:
gif_lzw_bug.zip
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.
[ Direct Link to Message ] | |
|
| |