Re: [fltk/fltk] Fl_GIF_Image decoder bug (#274)


Re: [fltk/fltk] Fl_GIF_Image decoder bug (#274) wcout Sep 17, 2021  
 

The crash happens in line
https://github.com/fltk/fltk/blob/a774e120bc11dedc52c2e80185ccbd2f1acda59b/src/Fl_GIF_Image.cxx#L347
because tp advances unchecked beyond the buffer end.
Putting in a check like while (i >= ColorMapSize && tp < OutCode + 4096) fixes the crash, but the resulting image has artefacts.

Yes, I'm referring to this section in the GIF specification, the decoding part:

As we can see from the above, when the decoder's table is full, it must
not change the table until a clear code is received.  The Code Size is that
of the maximum Code Size.  Processing other than this is done normally.

The current FLTK decoding changes the last table entry on this occasion, leading to the artefacts (and crash because the offsets go beyond 4096).

As I see it, this is an encoder issue also, because to me it makes no sense to store more "words in the dictionary" than the decoder can handle. But obviously other viewers can handle this situation correctly, so it seems an allowed thing.
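
The rule from the GIF specification passage quoted above, as an added example that is not FLTK's code and not part of the original message: a decoder over already-unpacked LZW codes that stops adding entries once the 4096-entry table is full and bounds every write. The names `lzw_decode` and `build_sample` and the sample code sequence are constructed for illustration; bit unpacking and code-size changes are left out.

```c
#include <stddef.h>
#include <stdint.h>
#define LZW_MAX 4096   /* 12-bit codes: the table can never hold more entries */

/* Decode unpacked GIF LZW codes into out[]; returns pixel count, -1 on bad input. */
long lzw_decode(const uint16_t *codes, size_t n, int min_bits,
                uint8_t *out, size_t cap) {
    static uint16_t prefix[LZW_MAX];
    static uint8_t suffix[LZW_MAX], stack[LZW_MAX];
    if (min_bits < 2 || min_bits > 8) return -1;
    const int clear = 1 << min_bits, eoi = clear + 1;
    int next = eoi + 1, prev = -1, first = 0;
    size_t len = 0;
    for (size_t k = 0; k < n; k++) {
        int code = codes[k], cur = code, sp = 0;
        if (code == clear) { next = eoi + 1; prev = -1; continue; }
        if (code == eoi) break;
        /* code == next (KwKwK) needs a previous string; anything above is invalid. */
        if (code >= LZW_MAX || code > next || (code == next && prev < 0)) return -1;
        if (code == next) { stack[sp++] = (uint8_t)first; cur = prev; }
        while (cur >= clear) { stack[sp++] = suffix[cur]; cur = prefix[cur]; }
        first = cur; stack[sp++] = (uint8_t)cur;   /* literal that starts the string */
        /* Table full: leave every entry untouched until a clear code arrives. */
        if (prev >= 0 && next < LZW_MAX) {
            prefix[next] = (uint16_t)prev;
            suffix[next++] = (uint8_t)first;
        }
        prev = code;
        if (len + (size_t)sp > cap) return -1;     /* bounded output write */
        while (sp > 0) out[len++] = stack[--sp];
    }
    return (long)len;
}

/* Constructed sample: 3839 literals fill the table, then code 4095 is reused. */
size_t build_sample(uint16_t *c) {
    size_t n = 0;
    c[n++] = 256;                                            /* clear code */
    for (int i = 0; i < 3839; i++) c[n++] = (uint16_t)(i % 256);
    c[n++] = 4095; c[n++] = 7; c[n++] = 4095; c[n++] = 257;  /* ..., end code */
    return n;
}

int main(void) {
    static uint16_t codes[3844];
    static uint8_t px[4096];
    /* Exit status 0 when the 3844 expected pixels are decoded. */
    return lzw_decode(codes, build_sample(codes), 8, px, sizeof px) == 3844 ? 0 : 1;
}
```

In the sample, entry 4095 is the pair (253, 254); both uses of code 4095 after the table fills must decode to that same pair, which is what a decoder that rewrites the last entry gets wrong.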

