Permalink
Browse files

Merge pull request #4231 from ace20022/fix_gifs

[Fix] Some fixes for our gif decode implementation
  • Loading branch information...
2 parents c5fe343 + 4e305ff commit 7d7eb81eb748f0e595a5ed750bbe66e7ccf4ebed @jmarshallnz jmarshallnz committed Feb 20, 2014
Showing with 21 additions and 10 deletions.
  1. +18 −10 xbmc/guilib/AnimatedGif.cpp
  2. +3 −0 xbmc/guilib/AnimatedGif.h
@@ -29,6 +29,7 @@
#include "AnimatedGif.h"
#include "filesystem/SpecialProtocol.h"
#include "utils/EndianSwap.h"
+#include "utils/log.h"
#ifdef TARGET_WINDOWS
extern "C" FILE *fopen_utf8(const char *_Filename, const char *_Mode);
@@ -402,6 +403,10 @@ int CAnimatedGifSet::LoadGIF (const char * szFileName)
NextImage->Init(gifid.Width, gifid.Height, LocalColorMap ? (gifid.PackedFields&7) + 1 : GlobalBPP);
+ /* verify that all the image is inside the screen dimensions */
+ if (gifid.xPos + gifid.Width > giflsd.ScreenWidth || gifid.yPos + gifid.Height > giflsd.ScreenHeight)
+ return 0;
+
// Fill NextImage Data
NextImage->xPos = gifid.xPos;
NextImage->yPos = gifid.yPos;
@@ -464,6 +469,7 @@ int CAnimatedGifSet::LoadGIF (const char * szFileName)
else
{
delete NextImage;
+ CLog::Log(LOGERROR, "CAnimatedGifSet::LoadGIF: gif file corrupt: %s", szFileName);
ERRORMSG("GIF File Corrupt");
}
@@ -505,6 +511,8 @@ int LZWDecoder (char * bufIn, char * bufOut,
short InitCodeSize, int AlignedWidth,
int Width, int Height, const int Interlace)
{
+ if (InitCodeSize < 1 || InitCodeSize >= LZW_MAXBITS)
+ return 0;
int n;
int row = 0, col = 0; // used to point output if Interlaced
int nPixels, maxPixels; // Output pixel counter
@@ -520,12 +528,12 @@ int LZWDecoder (char * bufIn, char * bufOut,
short OutCode; // Code to output
// Translation Table:
- short Prefix[4096] = {}; // Prefix: index of another Code
- unsigned char Suffix[4096] = {}; // Suffix: terminating character
+ short Prefix[LZW_SIZETABLE] = {}; // Prefix: index of another Code
+ unsigned char Suffix[LZW_SIZETABLE] = {}; // Suffix: terminating character
short FirstEntry; // Index of first free entry in table
short NextEntry; // Index of next free entry in table
- unsigned char OutStack[4097]; // Output buffer
+ unsigned char OutStack[LZW_SIZETABLE + 1]; // Output buffer
int OutIndex; // Characters in OutStack
int RowOffset; // Offset in output buffer for current row
@@ -583,33 +591,33 @@ int LZWDecoder (char * bufIn, char * bufOut,
// - Table Suffices contain the raw codes to be output
while (OutCode >= FirstEntry)
{
- if (OutIndex > 4096 || OutCode >= 4096)
+ if (OutIndex > LZW_SIZETABLE || OutCode >= LZW_SIZETABLE)
return 0;
OutStack[OutIndex++] = Suffix[OutCode]; // Add suffix to Output Stack
OutCode = Prefix[OutCode]; // Loop with preffix
}
// NOW OutCode IS A RAW CODE, ADD IT TO OUTPUT STACK.
- if (OutIndex > 4096)
+ if (OutIndex > LZW_SIZETABLE)
return 0;
OutStack[OutIndex++] = (unsigned char) OutCode;
// ADD NEW ENTRY TO TABLE (PrevCode + OutCode)
// (EXCEPT IF PREVIOUS CODE WAS A CLEARCODE)
if (PrevCode != ClearCode)
{
+ // Prevent Translation table overflow:
+ if (NextEntry >= LZW_SIZETABLE)
+ return 0;
+
Prefix[NextEntry] = PrevCode;
Suffix[NextEntry] = (unsigned char) OutCode;
NextEntry++;
- // Prevent Translation table overflow:
- if (NextEntry >= 4096)
- return 0;
-
// INCREASE CodeSize IF NextEntry IS INVALID WITH CURRENT CodeSize
if (NextEntry >= (1 << CodeSize))
{
- if (CodeSize < 12) CodeSize++;
+ if (CodeSize < LZW_MAXBITS) CodeSize++;
else
{
;
@@ -37,6 +37,9 @@
#pragma pack(1)
+#define LZW_MAXBITS 12
+#define LZW_SIZETABLE (1<<LZW_MAXBITS)
+
/*!
\ingroup textures
\brief

0 comments on commit 7d7eb81

Please sign in to comment.