summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichael Drake <tlsa@netsurf-browser.org>2021-11-04 17:22:55 +0000
committerMichael Drake <tlsa@netsurf-browser.org>2021-11-04 17:22:55 +0000
commit24c503f95e1f9ef726e546e616649120b666d15d (patch)
tree5dae964f93d7ee735ff353386d26ead2fb825237
parent5e0642811e2edce8d8845fdf0bcb8f9eefc71f80 (diff)
downloadlibnsgif-24c503f95e1f9ef726e546e616649120b666d15d.tar.gz
libnsgif-24c503f95e1f9ef726e546e616649120b666d15d.tar.bz2
GIF: Don't write into the GIF source data to handle errors.
-rw-r--r--src/libnsgif.c24
1 files changed, 6 insertions, 18 deletions
diff --git a/src/libnsgif.c b/src/libnsgif.c
index 2a1fdfe..c2a8c73 100644
--- a/src/libnsgif.c
+++ b/src/libnsgif.c
@@ -887,25 +887,13 @@ static gif_result gif__parse_image_data(
if (len < 1) return GIF_INSUFFICIENT_FRAME_DATA;
block_size = data[0] + 1;
/* Check if the frame data runs off the end of the file */
- if ((int)(len - block_size) < 0) {
- /* Try to recover by signaling the end of the gif.
- * Once we get garbage data, there is no logical way to
- * determine where the next frame is. It's probably
- * better to partially load the gif than not at all.
- */
- if (len >= 2) {
- data[0] = 0;
- data[1] = GIF_TRAILER;
- len = 1;
- data++;
- break;
- } else {
- return GIF_INSUFFICIENT_FRAME_DATA;
- }
- } else {
- len -= block_size;
- data += block_size;
+ if (block_size > len) {
+ block_size = len;
+ return GIF_OK;
}
+
+ len -= block_size;
+ data += block_size;
}
gif->frame_count = frame_idx + 1;