Gitweb links: ...log http://git.netsurf-browser.org/libnsgif.git/shortlog/6e42a2495ac64e41434f5ec3164bf5786d8d02ee ...commit http://git.netsurf-browser.org/libnsgif.git/commit/6e42a2495ac64e41434f5ec3164bf5786d8d02ee ...tree http://git.netsurf-browser.org/libnsgif.git/tree/6e42a2495ac64e41434f5ec3164bf5786d8d02ee
The branch, master has been updated via 6e42a2495ac64e41434f5ec3164bf5786d8d02ee (commit) via 815676f00a4cb3c470970ea7b4cac3452b7f9d88 (commit) via 1764ddb0017da494a7d7519802404d3fdd011c9a (commit) from 3665353c4da1dfb7b4a1d9fa412f0dec2cb673d2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commitdiff http://git.netsurf-browser.org/libnsgif.git/commit/?id=6e42a2495ac64e41434f5ec3164bf5786d8d02ee commit 6e42a2495ac64e41434f5ec3164bf5786d8d02ee Author: Michael Drake <t...@netsurf-browser.org> Commit: Michael Drake <michael.dr...@codethink.co.uk> libnsgif: Fix LZW Minimum Code Size check. The passed value is now checked for validity in lzw_decode_init() too, but checking here allows an early exit. diff --git a/src/libnsgif.c b/src/libnsgif.c index 49e790a..7c40eeb 100644 --- a/src/libnsgif.c +++ b/src/libnsgif.c @@ -418,7 +418,7 @@ static gif_result gif_initialise_frame(gif_animation *gif) if (gif_bytes < 1) { return GIF_INSUFFICIENT_FRAME_DATA; } - if (gif_data[0] > LZW_CODE_MAX) { + if (gif_data[0] >= LZW_CODE_MAX) { return GIF_DATA_ERROR; } commitdiff http://git.netsurf-browser.org/libnsgif.git/commit/?id=815676f00a4cb3c470970ea7b4cac3452b7f9d88 commit 815676f00a4cb3c470970ea7b4cac3452b7f9d88 Author: Michael Drake <michael.dr...@codethink.co.uk> Commit: Michael Drake <michael.dr...@codethink.co.uk> lzw: Reject bad LZW Minimum Code Size. The libnsgif.c code was checking this incorrectly, so safest to check it in the lzw.c code. diff --git a/src/lzw.c b/src/lzw.c index 50d1d22..1f85496 100644 --- a/src/lzw.c +++ b/src/lzw.c @@ -272,6 +272,10 @@ lzw_result lzw_decode_init( { struct lzw_dictionary_entry *table = ctx->table; + if (code_size >= LZW_CODE_MAX) { + return LZW_BAD_ICODE; + } + /* Initialise the input reading context */ ctx->input.data = compressed_data; ctx->input.data_len = compressed_data_len; commitdiff http://git.netsurf-browser.org/libnsgif.git/commit/?id=1764ddb0017da494a7d7519802404d3fdd011c9a commit 1764ddb0017da494a7d7519802404d3fdd011c9a Author: Michael Drake <michael.dr...@codethink.co.uk> Commit: Michael Drake <michael.dr...@codethink.co.uk> lzw: Remove surplus semicolon. diff --git a/src/lzw.c b/src/lzw.c index 31cf7d4..50d1d22 100644 --- a/src/lzw.c +++ b/src/lzw.c @@ -230,7 +230,7 @@ static lzw_result lzw__clear_codes( /* Reset dictionary building context */ ctx->current_code_size = ctx->initial_code_size + 1; - ctx->current_code_size_max = (1 << ctx->current_code_size) - 1;; + ctx->current_code_size_max = (1 << ctx->current_code_size) - 1; ctx->current_entry = (1 << ctx->initial_code_size) + 2; /* There might be a sequence of clear codes, so process them all */ ----------------------------------------------------------------------- Summary of changes: src/libnsgif.c | 2 +- src/lzw.c | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/src/libnsgif.c b/src/libnsgif.c index 49e790a..7c40eeb 100644 --- a/src/libnsgif.c +++ b/src/libnsgif.c @@ -418,7 +418,7 @@ static gif_result gif_initialise_frame(gif_animation *gif) if (gif_bytes < 1) { return GIF_INSUFFICIENT_FRAME_DATA; } - if (gif_data[0] > LZW_CODE_MAX) { + if (gif_data[0] >= LZW_CODE_MAX) { return GIF_DATA_ERROR; } diff --git a/src/lzw.c b/src/lzw.c index 31cf7d4..1f85496 100644 --- a/src/lzw.c +++ b/src/lzw.c @@ -230,7 +230,7 @@ static lzw_result lzw__clear_codes( /* Reset dictionary building context */ ctx->current_code_size = ctx->initial_code_size + 1; - ctx->current_code_size_max = (1 << ctx->current_code_size) - 1;; + ctx->current_code_size_max = (1 << ctx->current_code_size) - 1; ctx->current_entry = (1 << ctx->initial_code_size) + 2; /* There might be a sequence of clear codes, so process them all */ @@ -272,6 +272,10 @@ lzw_result lzw_decode_init( { struct lzw_dictionary_entry *table = ctx->table; + if (code_size >= LZW_CODE_MAX) { + return LZW_BAD_ICODE; + } + /* Initialise the input reading context */ ctx->input.data = compressed_data; ctx->input.data_len = compressed_data_len; -- NetSurf GIF Decoder _______________________________________________ netsurf-commits mailing list -- netsurf-commits@netsurf-browser.org To unsubscribe send an email to netsurf-commits-le...@netsurf-browser.org