1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
$NetBSD: patch-ac,v 1.5 2007/02/17 07:04:45 adam Exp $
--- gd_gif_in.c.orig 2007-02-03 02:41:00.000000000 +0100
+++ gd_gif_in.c
@@ -118,6 +118,7 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
char version[4];
/* 2.0.28: threadsafe storage */
int ZeroDataBlock = FALSE;
+ int maxcount = 1024;
gdImagePtr im = 0;
if (! ReadOK(fd,buf,6)) {
@@ -166,6 +167,8 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFro
}
if (c != ',') { /* Not a valid start character */
+ if (--maxcount < 0)
+ goto terminated; /* Looping */
continue;
}
@@ -253,6 +256,7 @@ static int
DoExtension(gdIOCtx *fd, int label, int *Transparent, int *ZeroDataBlockP)
{
static unsigned char buf[256];
+ int maxcount = 1024;
switch (label) {
case 0xf9: /* Graphic Control Extension */
@@ -265,13 +269,13 @@ DoExtension(gdIOCtx *fd, int label, int
if ((buf[0] & 0x1) != 0)
*Transparent = buf[3];
- while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0)
+ while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0 && --maxcount >= 0)
;
return FALSE;
default:
break;
}
- while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0)
+ while (GetDataBlock(fd, (unsigned char*) buf, ZeroDataBlockP) > 0 && --maxcount >= 0)
;
return FALSE;
@@ -430,14 +434,15 @@ LWZReadByte_(gdIOCtx *fd, int flag, int
} else if (code == end_code) {
int count;
unsigned char buf[260];
+ int maxcount = 1024;
if (*ZeroDataBlockP)
return -2;
- while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0)
+ while ((count = GetDataBlock(fd, buf, ZeroDataBlockP)) > 0 && --maxcount >= 0)
;
- if (count != 0)
+ if (count != 0 || maxcount < 0)
return -2;
}
|
