author | Emmanuele Bassi <ebassi@gmail.com> | 2022-08-09 14:49:05 +0000 |
---|---|---|
committer | Emmanuele Bassi <ebassi@gmail.com> | 2022-08-09 14:49:05 +0000 |
commit | 8ad828c2782355c1747c62b3700bdc052e12e241 (patch) | |
tree | 6e869172214f03747fd78d5e8e2dcc8382d769db | |
parent | 60b09ff71096ea1332f6c9694bc1abc5d33cf695 (diff) | |
parent | 449441210921c8ed417b0c4d5edbccd2d57e23f8 (diff) | |
download | gdk-pixbuf-8ad828c2782355c1747c62b3700bdc052e12e241.tar.gz |
Merge branch 'gif-lzw-code-size-overflow' into 'master'
Fix overflow when reading GIF images with invalid LZW initial code size.
See merge request GNOME/gdk-pixbuf!130
-rw-r--r-- | gdk-pixbuf/io-gif.c | 4 | ||||
-rw-r--r-- | gdk-pixbuf/lzw.c | 2 | ||||
-rw-r--r-- | tests/test-images/fail/overflow-codes-max.gif | bin | 0 -> 65 bytes | |||
-rw-r--r-- | tests/test-images/fail/overflow-codes.gif | bin | 0 -> 35 bytes | |||
-rw-r--r-- | tests/test-images/gif-test-suite/TESTS | 2 | ||||
-rw-r--r-- | tests/test-images/gif-test-suite/invalid-code.conf | 11 | ||||
-rw-r--r-- | tests/test-images/gif-test-suite/invalid-code.gif | bin | 0 -> 35 bytes | |||
-rw-r--r-- | tests/test-images/gif-test-suite/invalid-colors.gif | bin | 37 -> 35 bytes | |||
-rw-r--r-- | tests/test-images/gif-test-suite/overflow-codes-max.conf | 11 | ||||
-rw-r--r-- | tests/test-images/gif-test-suite/overflow-codes-max.gif | bin | 0 -> 65 bytes | |||
-rw-r--r-- | tests/test-images/gif-test-suite/overflow-codes.conf | 11 | ||||
-rw-r--r-- | tests/test-images/gif-test-suite/overflow-codes.gif | bin | 0 -> 35 bytes |
12 files changed, 39 insertions, 2 deletions
diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c
index 1befba155..310bdff6a 100644
--- a/gdk-pixbuf/io-gif.c
+++ b/gdk-pixbuf/io-gif.c
@@ -499,8 +499,8 @@ gif_prepare_lzw (GifContext *context)
 /*g_message (_("GIF: EOF / read error on image data\n"));*/
 return -1;
 }
-
- if (context->lzw_set_code_size > 12) {
+
+ if (context->lzw_set_code_size >= 12) {
 g_set_error_literal (context->error,
 GDK_PIXBUF_ERROR,
 GDK_PIXBUF_ERROR_CORRUPT_IMAGE,
diff --git a/gdk-pixbuf/lzw.c b/gdk-pixbuf/lzw.c
index 105daf2b1..15293560b 100644
--- a/gdk-pixbuf/lzw.c
+++ b/gdk-pixbuf/lzw.c
@@ -121,6 +121,8 @@ lzw_decoder_new (guint8 code_size)
 LZWDecoder *self;
 int i;
+ g_return_val_if_fail (code_size <= LZW_CODE_MAX, NULL);
+
 self = g_object_new (lzw_decoder_get_type (), NULL);
 self->min_code_size = code_size;
diff --git a/tests/test-images/fail/overflow-codes-max.gif b/tests/test-images/fail/overflow-codes-max.gif
Binary files differ
new file mode 100644
index 000000000..3d507ca7d
--- /dev/null
+++ b/tests/test-images/fail/overflow-codes-max.gif
diff --git a/tests/test-images/fail/overflow-codes.gif b/tests/test-images/fail/overflow-codes.gif
Binary files differ
new file mode 100644
index 000000000..c38053872
--- /dev/null
+++ b/tests/test-images/fail/overflow-codes.gif
diff --git a/tests/test-images/gif-test-suite/TESTS b/tests/test-images/gif-test-suite/TESTS
index 1d4a3f13f..bc573acf4 100644
--- a/tests/test-images/gif-test-suite/TESTS
+++ b/tests/test-images/gif-test-suite/TESTS
@@ -44,6 +44,8 @@ max-height
 255-codes
 large-codes
 max-codes
+#overflow-codes
+#overflow-codes-max
 transparent
 invalid-transparent
 disabled-transparent
diff --git a/tests/test-images/gif-test-suite/invalid-code.conf b/tests/test-images/gif-test-suite/invalid-code.conf
new file mode 100644
index 000000000..3bf287b4e
--- /dev/null
+++ b/tests/test-images/gif-test-suite/invalid-code.conf
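Review bot: The tightened bound in `if (context->lzw_set_code_size >= 12) {` is still a bare literal, while the companion check added to lzw.c in this same commit is written against `LZW_CODE_MAX`. If that constant is visible from io-gif.c, `if (context->lzw_set_code_size >= LZW_CODE_MAX) {` would keep the two limits from drifting apart. The off-by-one is the whole fix and is easy to "correct" back by accident, so a comment such as `/* must be strictly below LZW_CODE_MAX; see lzw_decoder_new() */` is worth adding. The reason is presumably that the decoder is started one bit above the stored minimum code size, which should be confirmed at the call site. gif_prepare_lzw starts and ends outside this hunk, so that call site and the rest of the error path are not visible here.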
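Review bot: The new guard `g_return_val_if_fail (code_size <= LZW_CODE_MAX, NULL);` in lzw_decoder_new is a GLib precondition macro, so it is compiled out when the library is built with `G_DISABLE_CHECKS` and otherwise logs a critical warning. Because `code_size` is ultimately derived from file data, it should not be the only barrier against an oversized code table. An unconditional `if (code_size > LZW_CODE_MAX) return NULL;` would survive every build configuration. The function can now return NULL, which its doc comment should state and which callers need to handle; neither the doc comment nor the callers are visible in this hunk, and the function body continues past it.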
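Review bot: The two entries added to TESTS, `#overflow-codes` and `#overflow-codes-max`, are commented out, so the gif-test-suite runner presumably skips the very images that reproduce this overflow. The copies under tests/test-images/fail/ may well cover the regression, but the list gives no reason for disabling them here. A line above them such as `# disabled: loader rejects these files, covered by tests/test-images/fail/` would tell the next maintainer whether they can be enabled. `invalid-code.conf` and `invalid-code.gif` are added in the same commit with no matching change in this hunk, so it is worth confirming that `invalid-code` is already listed elsewhere in the file.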
@@ -0,0 +1,11 @@
+# Automatically generated, do not edit!
+[config]
+input = invalid-code.gif
+version = GIF89a
+width = 2
+height = 2
+background = #000000
+loop-count = 0
+force-animation = no
+frames =
+
diff --git a/tests/test-images/gif-test-suite/invalid-code.gif b/tests/test-images/gif-test-suite/invalid-code.gif
Binary files differ
new file mode 100644
index 000000000..7d929c943
--- /dev/null
+++ b/tests/test-images/gif-test-suite/invalid-code.gif
diff --git a/tests/test-images/gif-test-suite/invalid-colors.gif b/tests/test-images/gif-test-suite/invalid-colors.gif
Binary files differ
index c3111525a..6c3a7240e 100644
--- a/tests/test-images/gif-test-suite/invalid-colors.gif
+++ b/tests/test-images/gif-test-suite/invalid-colors.gif
diff --git a/tests/test-images/gif-test-suite/overflow-codes-max.conf b/tests/test-images/gif-test-suite/overflow-codes-max.conf
new file mode 100644
index 000000000..f6d3f38d8
--- /dev/null
+++ b/tests/test-images/gif-test-suite/overflow-codes-max.conf
@@ -0,0 +1,11 @@
+# Automatically generated, do not edit!
+[config]
+input = overflow-codes-max.gif
+version = GIF89a
+width = 2
+height = 2
+background = #000000
+loop-count = 0
+force-animation = no
+frames =
+
diff --git a/tests/test-images/gif-test-suite/overflow-codes-max.gif b/tests/test-images/gif-test-suite/overflow-codes-max.gif
Binary files differ
new file mode 100644
index 000000000..3d507ca7d
--- /dev/null
+++ b/tests/test-images/gif-test-suite/overflow-codes-max.gif
diff --git a/tests/test-images/gif-test-suite/overflow-codes.conf b/tests/test-images/gif-test-suite/overflow-codes.conf
new file mode 100644
index 000000000..19f57fa74
--- /dev/null
+++ b/tests/test-images/gif-test-suite/overflow-codes.conf
@@ -0,0 +1,11 @@
+# Automatically generated, do not edit!
+[config]
+input = overflow-codes.gif
+version = GIF89a
+width = 2
+height = 2
+background = #000000
+loop-count = 0
+force-animation = no
+frames =
+
diff --git a/tests/test-images/gif-test-suite/overflow-codes.gif b/tests/test-images/gif-test-suite/overflow-codes.gif
Binary files differ
new file mode 100644
index 000000000..c38053872
--- /dev/null
+++ b/tests/test-images/gif-test-suite/overflow-codes.gif |