From 4c6391873ec6a75617ac9df3f6906f41b6d9dbbd Mon Sep 17 00:00:00 2001 From: rmax Date: Tue, 11 Sep 2007 18:05:03 +0000 Subject: * generic/tkImgGIF.c: Fixed a buffer overrun that got triggered by multi-frame interlaced GIFs that contain subsequent frames that are smaller than the first one. * tests/imgPhoto.test: Added a test for the above. --- ChangeLog | 8 ++++++++ generic/tkImgGIF.c | 4 ++-- tests/imgPhoto.test | 14 +++++++++++++- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 281f44a..ff7d6fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,11 @@ +2007-09-11 Reinhard Max + + * generic/tkImgGIF.c: Fixed a buffer overrun that got triggered by + multi-frame interlaced GIFs that contain subsequent frames that + are smaller than the first one. + + * tests/imgPhoto.test: Added a test for the above. + 2007-09-11 Don Porter * generic/tkConsole.c: Revised calls to Tcl_InitStubs() and diff --git a/generic/tkImgGIF.c b/generic/tkImgGIF.c index ec4e5fb..32c784e 100644 --- a/generic/tkImgGIF.c +++ b/generic/tkImgGIF.c @@ -32,7 +32,7 @@ * This file also contains code from miGIF. See lower down in file for the * applicable copyright notice for that portion. * - * RCS: @(#) $Id: tkImgGIF.c,v 1.36 2007/09/07 00:34:52 dgp Exp $ + * RCS: @(#) $Id: tkImgGIF.c,v 1.37 2007/09/11 18:05:04 rmax Exp $ */ /* @@ -1031,7 +1031,7 @@ ReadImage( if (interlace) { ypos += interlaceStep[pass]; - while (ypos >= height) { + while (ypos >= rows) { pass++; if (pass > 3) { return TCL_OK; diff --git a/tests/imgPhoto.test b/tests/imgPhoto.test index 3f1af80..4ab922e 100644 --- a/tests/imgPhoto.test +++ b/tests/imgPhoto.test @@ -9,7 +9,7 @@ # # Author: Paul Mackerras (paulus@cs.anu.edu.au) # -# RCS: @(#) $Id: imgPhoto.test,v 1.25 2007/05/16 18:10:35 dgp Exp $ +# RCS: @(#) $Id: imgPhoto.test,v 1.26 2007/09/11 18:05:04 rmax Exp $ package require tcltest 2.1 eval tcltest::configure $argv @@ -653,6 +653,18 @@ test imgPhoto-14.2 {GIF -index handler buffer sizing} -setup { image delete $i } -returnCodes error -result {no image data for this index} +test imgPhoto-14.3 {GIF -index interleaving and small frames} -setup { + set i [image create photo] +} -body { + # Interleaved GIFs used to crash us when a smaller subsequent frame + # was accessed. + $i configure -format {GIF -index 1} -data { + R0lGODdhAQAFAPAAAP8AAAAAACwAAAAAAQAFAEACAoRdACwAAAAAAQAEAEACAoRRADs= + } +} -cleanup { + image delete $i +} + test imgPhoto-15.1 {photo images can fail to allocate memory gracefully} \ {nonPortable} { # This is not portable to very large machines with more around -- cgit v0.12