yyc12345/stb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

stb_image: Make GIF reader validate image size.

Browse Source 
I must've missed it when I did this for the other image loaders.
Either way, combined with the previous checkin, this should fix
issue #614 properly.

Fixes issue #614.
This commit is contained in:
Fabian Giesen 2019-03-01 19:47:59 -08:00
parent 50b1bfba58
commit 6570d6a825
1 changed files with 10 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
stb_image.h
View File

@ -6412,19 +6412,22 @@ static stbi_uc *stbi__gif_load_next(stbi__context *s, stbi__gif *g, int *comp, i
// on first frame, any non-written pixels get the background colour (non-transparent) // on first frame, any non-written pixels get the background colour (non-transparent)
first_frame = 0; first_frame = 0;
if (g->out == 0) { if (g->out == 0) {
if (!stbi__gif_header(s, g, comp,0)) return 0; // stbi__g_failure_reason set by stbi__gif_header if (!stbi__gif_header(s, g, comp,0)) return 0; // stbi__g_failure_reason set by stbi__gif_header
g->out = (stbi_uc *) stbi__malloc(4 * g->w * g->h); if (!stbi__mad3sizes_valid(4, g->w, g->h, 0))
g->background = (stbi_uc *) stbi__malloc(4 * g->w * g->h); return stbi__errpuc("too large", "GIF image is too large");
g->history = (stbi_uc *) stbi__malloc(g->w * g->h); pcount = g->w * g->h;
g->out = (stbi_uc *) stbi__malloc(4 * pcount);
g->background = (stbi_uc *) stbi__malloc(4 * pcount);
g->history = (stbi_uc *) stbi__malloc(pcount);
if (!g->out || !g->background || !g->history) if (!g->out || !g->background || !g->history)
return stbi__errpuc("outofmem", "Out of memory"); return stbi__errpuc("outofmem", "Out of memory");
// image is treated as "transparent" at the start - ie, nothing overwrites the current background; // image is treated as "transparent" at the start - ie, nothing overwrites the current background;
// background colour is only used for pixels that are not rendered first frame, after that "background" // background colour is only used for pixels that are not rendered first frame, after that "background"
// color refers to the color that was there the previous frame. // color refers to the color that was there the previous frame.
memset( g->out, 0x00, 4 * g->w * g->h ); memset(g->out, 0x00, 4 * pcount);
memset( g->background, 0x00, 4 * g->w * g->h ); // state of the background (starts transparent) memset(g->background, 0x00, 4 * pcount); // state of the background (starts transparent)
memset( g->history, 0x00, g->w * g->h ); // pixels that were affected previous frame memset(g->history, 0x00, pcount); // pixels that were affected previous frame
first_frame = 1; first_frame = 1;
} else { } else {
// second frame - how do we dispoase of the previous one? // second frame - how do we dispoase of the previous one?