From 6368ca1c36488d1297c768a5fae52f65bb5b91be Mon Sep 17 00:00:00 2001
From: Kim Motoyoshi Kalland
Date: Mon, 27 Sep 2010 13:34:59 +0200
Subject: Fixed potential crash when loading corrupt GIFs.

Task-number: QTBUG-13774
Reviewed-by: aavit
---
 src/gui/image/qgifhandler.cpp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/gui/image/qgifhandler.cpp b/src/gui/image/qgifhandler.cpp
index 124d27b..a050baf 100644
--- a/src/gui/image/qgifhandler.cpp
+++ b/src/gui/image/qgifhandler.cpp
@@ -505,17 +505,26 @@ int QGIFFormat::decode(QImage *image, const uchar *buffer, int length,
 code=oldcode;
 }
 while (code>=clear_code+2) {
+ if (code >= max_code) {
+ state = Error;
+ return -1;
+ }
 *sp++=table[1][code];
 if (code==table[0][code]) {
 state=Error;
- break;
+ return -1;
 }
 if (sp-stack>=(1<<(max_lzw_bits))*2) {
 state=Error;
- break;
+ return -1;
 }
 code=table[0][code];
 }
+ if (code < 0) {
+ state = Error;
+ return -1;
+ }
+
 *sp++=firstcode=table[1][code];
 code=max_code;
 if (code<(1<
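Review bot: The new `code >= max_code` guard at the top of the `while` loop and the `code < 0` guard after it are what keep the `table[1][code]` and `table[0][code]` reads inside the table, but nothing in the hunk says so, and a later cleanup could take them for redundant. I would add a comment before each, for example `// corrupt stream: code refers to a table entry not filled in yet` and `// corrupt stream: chain ended in a negative code`; the second wording is inferred, because the place where `code` can become negative is outside the hunk. The existing `code==table[0][code]` test only detects a cycle of length one, and longer cycles appear to be stopped by the `sp-stack` limit, which deserves a one-line comment as well. The diffstat lists only qgifhandler.cpp, so a regression test that loads a corrupt GIF for QTBUG-13774 would be a useful follow-up. decode() begins and ends outside the hunk, and the last context line is cut off in this view.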