diff options
Diffstat (limited to 'src/pkg/image/gif/reader.go')
-rw-r--r-- | src/pkg/image/gif/reader.go | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/pkg/image/gif/reader.go b/src/pkg/image/gif/reader.go index 8e8531f9b..8b0298a29 100644 --- a/src/pkg/image/gif/reader.go +++ b/src/pkg/image/gif/reader.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// Package gif implements a GIF image decoder. +// Package gif implements a GIF image decoder and encoder. // // The GIF specification is at http://www.w3.org/Graphics/GIF/spec-gif89a.txt. package gif @@ -20,6 +20,7 @@ import ( var ( errNotEnough = errors.New("gif: not enough image data") errTooMuch = errors.New("gif: too much image data") + errBadPixel = errors.New("gif: invalid pixel value") ) // If the io.Reader does not also have ReadByte, then decode will introduce its own buffering. @@ -189,6 +190,7 @@ func (d *decoder) decode(r io.Reader, configOnly bool) error { // A wonderfully Go-like piece of magic. br := &blockReader{r: d.r} lzwr := lzw.NewReader(br, lzw.LSB, int(litWidth)) + defer lzwr.Close() if _, err = io.ReadFull(lzwr, m.Pix); err != nil { if err != io.ErrUnexpectedEOF { return err @@ -210,6 +212,15 @@ func (d *decoder) decode(r io.Reader, configOnly bool) error { return errTooMuch } + // Check that the color indexes are inside the palette. + if len(m.Palette) < 256 { + for _, pixel := range m.Pix { + if int(pixel) >= len(m.Palette) { + return errBadPixel + } + } + } + // Undo the interlacing if necessary. if d.imageFields&ifInterlace != 0 { uninterlace(m) |