diff options
author | Michael Drake <tlsa@netsurf-browser.org> | 2021-11-04 17:22:55 +0000 |
---|---|---|
committer | Michael Drake <tlsa@netsurf-browser.org> | 2021-11-04 17:22:55 +0000 |
commit | 24c503f95e1f9ef726e546e616649120b666d15d (patch) | |
tree | 5dae964f93d7ee735ff353386d26ead2fb825237 | |
parent | 5e0642811e2edce8d8845fdf0bcb8f9eefc71f80 (diff) | |
download | libnsgif-24c503f95e1f9ef726e546e616649120b666d15d.tar.gz libnsgif-24c503f95e1f9ef726e546e616649120b666d15d.tar.bz2 |
GIF: Don't write into the GIF source data to handle errors.
-rw-r--r-- | src/libnsgif.c | 24 |
1 files changed, 6 insertions, 18 deletions
diff --git a/src/libnsgif.c b/src/libnsgif.c index 2a1fdfe..c2a8c73 100644 --- a/src/libnsgif.c +++ b/src/libnsgif.c @@ -887,25 +887,13 @@ static gif_result gif__parse_image_data( if (len < 1) return GIF_INSUFFICIENT_FRAME_DATA; block_size = data[0] + 1; /* Check if the frame data runs off the end of the file */ - if ((int)(len - block_size) < 0) { - /* Try to recover by signaling the end of the gif. - * Once we get garbage data, there is no logical way to - * determine where the next frame is. It's probably - * better to partially load the gif than not at all. - */ - if (len >= 2) { - data[0] = 0; - data[1] = GIF_TRAILER; - len = 1; - data++; - break; - } else { - return GIF_INSUFFICIENT_FRAME_DATA; - } - } else { - len -= block_size; - data += block_size; + if (block_size > len) { + block_size = len; + return GIF_OK; } + + len -= block_size; + data += block_size; } gif->frame_count = frame_idx + 1; |