File tree Expand file tree Collapse file tree 2 files changed +9
-3
lines changed Expand file tree Collapse file tree 2 files changed +9
-3
lines changed Original file line number Diff line number Diff line change 77- Fixed a potential stack overflow bug with BMP images (Issue #466 )
88- Fixed a potential heap overflow bug with the table-of-contents (Issue #467 )
99- Fixed a potential heap overflow bug with headings (Issue #468 )
10+ - Fixed a potential stack overflow bug with GIF images (Issue #470 )
1011
1112
1213# Changes in HTMLDOC v1.9.14
Original file line number Diff line number Diff line change @@ -465,7 +465,6 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
465465 {
466466 uchar buf[260 ];
467467
468-
469468 if (!gif_eof)
470469 while (gif_get_block (fp, buf) > 0 );
471470
@@ -482,17 +481,23 @@ gif_read_lzw(FILE *fp, /* I - File to read from */
482481
483482 while (code >= clear_code)
484483 {
484+ if (sp >= (stack + sizeof (stack)))
485+ return (255 );
486+
485487 *sp++ = table[1 ][code];
488+
486489 if (code == table[0 ][code])
487490 return (255 );
488491
489492 code = table[0 ][code];
490493 }
491494
495+ if (sp >= (stack + sizeof (stack)))
496+ return (255 );
497+
492498 *sp++ = firstcode = table[1 ][code];
493- code = max_code;
494499
495- if (code < 4096 )
500+ if (( code = max_code) < 4096 )
496501 {
497502 table[0 ][code] = oldcode;
498503 table[1 ][code] = firstcode;
You can’t perform that action at this time.
0 commit comments