summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNico Weber <thakis@chromium.org>2020-11-29 14:01:16 -0500
committerAndreas Kling <kling@serenityos.org>2020-11-29 20:21:30 +0100
commit86cec77eb59185e1b04a5a5c5fe0b649dab3d923 (patch)
treeaaf5d7ba695b197997ce886886b5d78cf364d2fb
parent2e4832c3da770357c1a45a5f4c5af5ee4b32c7ad (diff)
downloadserenity-86cec77eb59185e1b04a5a5c5fe0b649dab3d923.zip
LibGfx: skip zero-width frames
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27913 and https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27873
Diffstat
-rw-r--r--Libraries/LibGfx/GIFLoader.cpp7
1 files changed, 4 insertions, 3 deletions
diff --git a/Libraries/LibGfx/GIFLoader.cpp b/Libraries/LibGfx/GIFLoader.cpp
index 20704f04e7..63feed39c8 100644
--- a/Libraries/LibGfx/GIFLoader.cpp
+++ b/Libraries/LibGfx/GIFLoader.cpp
@@ -354,12 +354,13 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
if (code.value() == clear_code) {
decoder.reset();
continue;
- } else if (code.value() == end_of_information_code) {
- break;
}
+ if (code.value() == end_of_information_code)
+ break;
+ if (!image.width)
+ continue;
auto colors = decoder.get_output();
-
for (const auto& color : colors) {
auto c = color_map[color];
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-17 16:43:49 +0000