-rw-r--r--src/libnsgif.c6
-rw-r--r--test/data/lzwoob.gifbin0 -> 40 bytes
2 files changed, 4 insertions, 2 deletions
diff --git a/src/libnsgif.c b/src/libnsgif.c
index 4e45c50..87371f2 100644
--- a/src/libnsgif.c
+++ b/src/libnsgif.c
@@ -1221,7 +1221,8 @@ static bool gif_next_LZW(gif_animation *gif) {
*
* Note: our stack is always big enough to hold a complete decompressed chunk. */
while (code >= clear_code) {
- if (stack_pointer >= stack + ((1 << GIF_MAX_LZW) * 2)) {
+ if (stack_pointer >= stack + ((1 << GIF_MAX_LZW) * 2) ||
+ code >= (1 << GIF_MAX_LZW)) {
gif->current_error = GIF_FRAME_DATA_ERROR;
return false;
}
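Review bot: The comment directly above this loop still says the stack is "always big enough to hold a complete decompressed chunk", which no longer matches a check that treats both a full stack and an out-of-range `code` as reachable on malformed frame data. Consider rewording it, for example `* Note: code values derive from the image data, so the stack pointer and the code are range-checked before each use.` The use of `code` that the new bound protects is not visible in this hunk (presumably a table lookup just below), and the loop body continues past the hunk's end, so the wording should be confirmed against the full function.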
@@ -1232,7 +1233,8 @@ static bool gif_next_LZW(gif_animation *gif) {
break;
}
- if (stack_pointer >= stack + ((1 << GIF_MAX_LZW) * 2)) {
+ if (stack_pointer >= stack + ((1 << GIF_MAX_LZW) * 2) ||
+ new_code >= (1 << GIF_MAX_LZW)) {
gif->current_error = GIF_FRAME_DATA_ERROR;
return false;
}
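Review bot: The two-part limit test here is a copy of the one added at the top of the loop, so the stack size `(1 << GIF_MAX_LZW) * 2` and the code limit `1 << GIF_MAX_LZW` are now each spelled out in two places and can drift apart. A named limit such as `#define GIF_LZW_TABLE_SIZE (1 << GIF_MAX_LZW)` (the name is only a suggestion), or a small static inline predicate shared by both checks, would keep them in step. If `new_code` has a signed type (its declaration is outside the hunk), this comparison rejects only values above the limit. Whether a negative value is excluded earlier depends on the test before the `break`, which is also outside the hunk.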
diff --git a/test/data/lzwoob.gif b/test/data/lzwoob.gif
new file mode 100644
index 0000000..c0c03b5
--- /dev/null
+++ b/test/data/lzwoob.gif
Binary files differ