src/java.desktop/share/native/libsplashscreen/giflib/dgif_lib.c
*** 112,129 ****
/* Belt and suspenders, in case the null pointer isn't zero */
GifFile->SavedImages = NULL;
GifFile->SColorMap = NULL;
! Private = (GifFilePrivateType *)malloc(sizeof(GifFilePrivateType));
if (Private == NULL) {
if (Error != NULL)
*Error = D_GIF_ERR_NOT_ENOUGH_MEM;
(void)close(FileHandle);
free((char *)GifFile);
return NULL;
}
#ifdef _WIN32
_setmode(FileHandle, O_BINARY); /* Make sure it is in binary mode. */
#endif /* _WIN32 */
f = fdopen(FileHandle, "rb"); /* Make it into a stream: */
--- 112,132 ----
/* Belt and suspenders, in case the null pointer isn't zero */
GifFile->SavedImages = NULL;
GifFile->SColorMap = NULL;
! Private = (GifFilePrivateType *)calloc(1, sizeof(GifFilePrivateType));
if (Private == NULL) {
if (Error != NULL)
*Error = D_GIF_ERR_NOT_ENOUGH_MEM;
(void)close(FileHandle);
free((char *)GifFile);
return NULL;
}
+
+ /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType));
+
#ifdef _WIN32
_setmode(FileHandle, O_BINARY); /* Make sure it is in binary mode. */
#endif /* _WIN32 */
f = fdopen(FileHandle, "rb"); /* Make it into a stream: */
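Review bot: The added `memset(Private, '\0', sizeof(GifFilePrivateType));` is redundant, because the allocation just above it now uses `calloc(1, sizeof(GifFilePrivateType))`, which already returns zeroed storage. The same pair appears in the second hunk (new lines 198-215). Keeping both is harmless, but either drop one or add a comment such as `/* calloc already zeroes; memset retained deliberately */` so a later reader does not take it for a missed initialisation. Zeroing the private state is itself a sound hardening step, presumably so that error and cleanup paths never read indeterminate fields. The enclosing function starts and ends outside the hunk.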
*** 195,211 ****
/* Belt and suspenders, in case the null pointer isn't zero */
GifFile->SavedImages = NULL;
GifFile->SColorMap = NULL;
! Private = (GifFilePrivateType *)malloc(sizeof(GifFilePrivateType));
if (!Private) {
if (Error != NULL)
*Error = D_GIF_ERR_NOT_ENOUGH_MEM;
free((char *)GifFile);
return NULL;
}
GifFile->Private = (void *)Private;
Private->FileHandle = 0;
Private->File = NULL;
Private->FileState = FILE_STATE_READ;
--- 198,215 ----
/* Belt and suspenders, in case the null pointer isn't zero */
GifFile->SavedImages = NULL;
GifFile->SColorMap = NULL;
! Private = (GifFilePrivateType *)calloc(1, sizeof(GifFilePrivateType));
if (!Private) {
if (Error != NULL)
*Error = D_GIF_ERR_NOT_ENOUGH_MEM;
free((char *)GifFile);
return NULL;
}
+ /*@i1@*/memset(Private, '\0', sizeof(GifFilePrivateType));
GifFile->Private = (void *)Private;
Private->FileHandle = 0;
Private->File = NULL;
Private->FileState = FILE_STATE_READ;
*** 415,426 ****
}
}
if (GifFile->SavedImages) {
SavedImage* new_saved_images =
! (SavedImage *)realloc(GifFile->SavedImages,
! sizeof(SavedImage) * (GifFile->ImageCount + 1));
if (new_saved_images == NULL) {
GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM;
return GIF_ERROR;
}
GifFile->SavedImages = new_saved_images;
--- 419,430 ----
}
}
if (GifFile->SavedImages) {
SavedImage* new_saved_images =
! (SavedImage *)reallocarray(GifFile->SavedImages,
! (GifFile->ImageCount + 1), sizeof(SavedImage));
if (new_saved_images == NULL) {
GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM;
return GIF_ERROR;
}
GifFile->SavedImages = new_saved_images;
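Review bot: `reallocarray` checks only the product of its two arguments, so the `GifFile->ImageCount + 1` addition is evaluated before the call and is not covered by that overflow check. If ImageCount is a signed int (its declaration is not in this hunk) and a crafted file can push it to INT_MAX, the addition is undefined behaviour; a guard such as `if (GifFile->ImageCount < 0 || GifFile->ImageCount == INT_MAX) { GifFile->Error = D_GIF_ERR_NOT_ENOUGH_MEM; return GIF_ERROR; }` before the call would close that. `reallocarray` is also not ISO C, so the build needs a fallback definition on platforms whose libc lacks it, and none is visible in this patch. The enclosing function extends beyond the hunk.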
*** 786,795 ****
--- 790,805 ----
if (READ(GifFile, &CodeSize, 1) < 1) { /* Read Code size from file. */
return GIF_ERROR; /* Failed to read Code size. */
}
BitsPerPixel = CodeSize;
+ /* this can only happen on a severely malformed GIF */
+ if (BitsPerPixel > 8) {
+ GifFile->Error = D_GIF_ERR_READ_FAILED; /* somewhat bogus error code */
+ return GIF_ERROR; /* Failed to read Code size. */
+ }
+
Private->Buf[0] = 0; /* Input Buffer empty. */
Private->BitsPerPixel = BitsPerPixel;
Private->ClearCode = (1 << BitsPerPixel);
Private->EOFCode = Private->ClearCode + 1;
Private->RunningCode = Private->EOFCode + 1;
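Review bot: The trailing comment on the new `return GIF_ERROR;` still reads `/* Failed to read Code size. */`, copied from the read failure above, although this branch rejects a code size that was read successfully but is out of range. `return GIF_ERROR; /* Code size out of range. */` would be accurate. The inline comment already concedes that `D_GIF_ERR_READ_FAILED` is a poor fit; `D_GIF_ERR_IMAGE_DEFECT` would tell callers the file is malformed rather than that I/O failed. The bound itself is important, because `ClearCode = (1 << BitsPerPixel)` and the values derived from it come from this file-supplied byte and presumably index fixed-size decoder tables later on. The function continues past the hunk.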
*** 1121,1131 ****
ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height;
if (ImageSize > (SIZE_MAX / sizeof(GifPixelType))) {
return GIF_ERROR;
}
! sp->RasterBits = (unsigned char *)malloc(ImageSize *
sizeof(GifPixelType));
if (sp->RasterBits == NULL) {
return GIF_ERROR;
}
--- 1131,1141 ----
ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height;
if (ImageSize > (SIZE_MAX / sizeof(GifPixelType))) {
return GIF_ERROR;
}
! sp->RasterBits = (unsigned char *)reallocarray(NULL, ImageSize,
sizeof(GifPixelType));
if (sp->RasterBits == NULL) {
return GIF_ERROR;
}
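Review bot: `reallocarray` guards only `ImageSize * sizeof(GifPixelType)`, so an overflow in the earlier `sp->ImageDesc.Width * sp->ImageDesc.Height` goes undetected. That product is computed in the operands' own type before it is stored in `ImageSize`, which means the SIZE_MAX test cannot see it. If Width and Height are int-typed (their declarations are outside this hunk), reject negative dimensions and widen first: `ImageSize = (size_t)sp->ImageDesc.Width * (size_t)sp->ImageDesc.Height;`. A wrapped product could leave RasterBits smaller than the dimensions the decoder later uses, so this is worth settling in this function. The enclosing function starts and ends outside the hunk.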