authorrmax <rmax>2007-09-11 18:05:03 (GMT)
committerrmax <rmax>2007-09-11 18:05:03 (GMT)
commit37983240fc7890cf83fdc1780090f668d1e472b6 (patch)
tree8328fbb356381b101c3a679d3faa8a0e92af1251
parent89022786e10d8bd3a7eb44f2053e1e31d6fcb0b0 (diff)
* generic/tkImgGIF.c: Fixed a buffer overrun that got triggered by
multi-frame interlaced GIFs that contain subsequent frames that are smaller than the first one.
* tests/imgPhoto.test: Added a test for the above.
-rw-r--r--ChangeLog8
-rw-r--r--generic/tkImgGIF.c4
-rw-r--r--tests/imgPhoto.test14
3 files changed, 23 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index 281f44a..ff7d6fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2007-09-11 Reinhard Max <max@suse.de>
+
+ * generic/tkImgGIF.c: Fixed a buffer overrun that got triggered by
+ multi-frame interlaced GIFs that contain subsequent frames that
+ are smaller than the first one.
+
+ * tests/imgPhoto.test: Added a test for the above.
+
2007-09-11 Don Porter <dgp@users.sourceforge.net>
* generic/tkConsole.c: Revised calls to Tcl_InitStubs() and
diff --git a/generic/tkImgGIF.c b/generic/tkImgGIF.c
index ec4e5fb..32c784e 100644
--- a/generic/tkImgGIF.c
+++ b/generic/tkImgGIF.c
@@ -32,7 +32,7 @@
* This file also contains code from miGIF. See lower down in file for the
* applicable copyright notice for that portion.
*
- * RCS: @(#) $Id: tkImgGIF.c,v 1.36 2007/09/07 00:34:52 dgp Exp $
+ * RCS: @(#) $Id: tkImgGIF.c,v 1.37 2007/09/11 18:05:04 rmax Exp $
*/
/*
@@ -1031,7 +1031,7 @@ ReadImage(
if (interlace) {
ypos += interlaceStep[pass];
- while (ypos >= height) {
+ while (ypos >= rows) {
pass++;
if (pass > 3) {
return TCL_OK;
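Review bot: The wrap test `while (ypos >= rows)` carries no comment saying why the bound is `rows` rather than `height`, and the two names are easy to swap back in a later edit. Going by the commit message, `rows` is presumably the row count of the frame being decoded, which can be smaller than the first frame's; a one-line comment above the loop, e.g. `/* Bound by this frame's row count; frames after the first may be shorter. */`, would keep that invariant visible. It is also worth checking whether the non-interlaced path and any other use of `height` in ReadImage need the same bound. The function starts and ends outside this hunk, so that cannot be confirmed from here.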
diff --git a/tests/imgPhoto.test b/tests/imgPhoto.test
index 3f1af80..4ab922e 100644
--- a/tests/imgPhoto.test
+++ b/tests/imgPhoto.test
@@ -9,7 +9,7 @@
#
# Author: Paul Mackerras (paulus@cs.anu.edu.au)
#
-# RCS: @(#) $Id: imgPhoto.test,v 1.25 2007/05/16 18:10:35 dgp Exp $
+# RCS: @(#) $Id: imgPhoto.test,v 1.26 2007/09/11 18:05:04 rmax Exp $
package require tcltest 2.1
eval tcltest::configure $argv
@@ -653,6 +653,18 @@ test imgPhoto-14.2 {GIF -index handler buffer sizing} -setup {
image delete $i
} -returnCodes error -result {no image data for this index}
+test imgPhoto-14.3 {GIF -index interleaving and small frames} -setup {
+ set i [image create photo]
+} -body {
+ # Interleaved GIFs used to crash us when a smaller subsequent frame
+ # was accessed.
+ $i configure -format {GIF -index 1} -data {
+ R0lGODdhAQAFAPAAAP8AAAAAACwAAAAAAQAFAEACAoRdACwAAAAAAQAEAEACAoRRADs=
+ }
+} -cleanup {
+ image delete $i
+}
+
test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \
{nonPortable} {
# This is not portable to very large machines with more around
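Review bot: Test imgPhoto-14.3 can only fail if the overrun happens to crash the process, because the body has no `-result` and checks nothing about the decoded frame, so a silent out-of-bounds write would still pass. Consider ending the body with a query such as `list [image width $i] [image height $i]` and pinning the expected size with `-result`, and running this test under a memory checker so the regression is caught deterministically. The test name and comment also say "interleaving"/"Interleaved" where the ChangeLog entry says interlaced; `# Interlaced GIFs used to overrun a buffer when a smaller subsequent frame was accessed.` would match it.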