Mercurial Mercurial > hg > stx-libview / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ImageReader.st
changeset 1988 528dbff6ca26
parent 1983 03a93138c52a
child 2014 bcae1c2c32e4 
--- a/ImageReader.st	Mon Jan 19 17:33:48 1998 +0100
+++ b/ImageReader.st	Mon Jan 19 18:16:05 1998 +0100
@@ -450,7 +450,7 @@
 };
 
 static int        
-__decodeLZW__(from, to, inCount)
+__decodeLZW__(from, to, inCount, fromSize, toSize)
     unsigned char *from;
     unsigned char *to;
 {
@@ -468,8 +468,12 @@
     int i;
     int len;
     int codeLen = 9;
+    unsigned char *fromEnd, *toEnd;
     int ret = 1;        /* return success */
 
+    fromEnd = from + fromSize;
+    toEnd = to + toSize;
+
     scratchBuffer = (struct buffer *)malloc(sizeof(struct buffer));
     if (! scratchBuffer) return 0;
 
@@ -541,6 +545,11 @@
 	    nBits -= codeLen;
 	    if (code == 257) break;
 	    /* add to output */
+	    if (to >= toEnd) {
+		fprintf(stderr, "ImageReader [warning]: LZW outBuffer overrun\n");
+	        ret = 0;
+	        break;
+	    }
 	    *to++ = code;
 	    oldCode = code;
 	} else {
@@ -578,6 +587,11 @@
             
 		/* writeString(string[oldCode] + first(string[oldCode]) ) */
 		len = stringLen[oldCode];
+	        if ((to+len) >= toEnd) {
+		    fprintf(stderr, "ImageReader [warning]: LZW outBuffer overrun\n");
+	            ret = 0;
+	            goto out;
+	        }
 		bcopy(strings[oldCode], to, len);
 		to += len;
 		*to++ = strings[oldCode][0];
@@ -627,6 +641,10 @@
     free(strings);
     free(stringLen);
 
+    if (from > fromEnd) {
+        fprintf(stderr, "ImageReader [warning]: LZW inBuffer overrun\n");
+        ret = 0;
+    }
     return ret;
 }
 
@@ -657,7 +675,7 @@
  * GIF decompression
  */
 static int
-__decodeGIF__(from, to, inCount, initialCodeLen)
+__decodeGIF__(from, to, inCount, initialCodeLen, fromSize, toSize)
     unsigned char *from;
     unsigned char *to;
 {
@@ -669,13 +687,18 @@
     unsigned maxCode, oldCode, fin, inCode, curCode;
     register unsigned bits;
     register int nBits, mask, shift;
+    int ret = 1;
     int i;
     int len;
     int endCode, clearCode, freeCode;
     int codeLen = initialCodeLen;
+    unsigned char *fromEnd, *toEnd;
     static int ranges[] = {0, 1, 2, 4, 8, 16, 32, 64,
 			   128, 256, 512, 1024, 2048 };
 
+    fromEnd = from + fromSize;
+    toEnd = to + toSize;
+
     if ((unsigned)codeLen > 12) {
 	fprintf(stderr, "ImageReader [warning]: bad codelen in gif-decode\n");
 	return 0;
@@ -709,12 +732,14 @@
 	    inCount--;
 	    nBits += 8;
 	}
+	if (inCount <= 0)
+	    break;
 	code = bits & mask;
 	bits >>= codeLen;
 	nBits -= codeLen;
 	if (code == endCode) break;
 	if (code == clearCode) {
-	    if (! inCount)
+	    if (inCount <= 0)
 		break;
 
 	    codeLen = initialCodeLen;
@@ -728,11 +753,18 @@
 		inCount--;
 		nBits += 8;
 	    }
+	    if (inCount <= 0)
+	        break;
 	    code = bits & mask;
 	    bits >>= codeLen;
 	    nBits -= codeLen;
 	    if (code == endCode) break;
 	    /* add to output */
+	    if (to >= toEnd) {
+		fprintf(stderr, "ImageReader [warning]: GIF outBuffer overrun\n");
+	        ret = 0;
+	        break;
+	    }
 	    *to++ = code;
 	    oldCode = fin = curCode = code;
 	} else {
@@ -753,6 +785,11 @@
 	    fin = curCode;
 	    outCode[outCount++] = fin;
 
+	    if ((to+outCount) >= toEnd) {
+		fprintf(stderr, "ImageReader [warning]: GIF outBuffer overrun\n");
+	        ret = 0;
+	        break;
+	    }
 	    for (i = outCount - 1; i >= 0; i--)
 		*to++ = outCode[i];
 	    outCount = 0;
@@ -776,7 +813,11 @@
     free(suffix);
     free(outCode);
 
-    return 1;
+    if (from > fromEnd) {
+        fprintf(stderr, "ImageReader [warning]: GIF inBuffer overrun\n");
+        ret = 0;
+    }
+    return ret;
 }
 
 /*
@@ -1117,9 +1158,9 @@
      && __isByteArray(dstBytes)
      && __bothSmallInteger(offset, count)) {
 	if (__decodeCCITTgroup3__(_ByteArrayInstPtr(srcBytes)->ba_element,
-			      _ByteArrayInstPtr(dstBytes)->ba_element
-			      + _intVal(offset) - 1,
-			      _intVal(count))) {
+			          _ByteArrayInstPtr(dstBytes)->ba_element
+			          + _intVal(offset) - 1,
+			          _intVal(count))) {
 	    RETURN ( self );
 	}
     }
@@ -1137,11 +1178,14 @@
      && __isByteArray(dstBytes)
      && __bothSmallInteger(codeLen, offset)
      && __isSmallInteger(count)) {
-	if (__decodeGIF__(_ByteArrayInstPtr(srcBytes)->ba_element,
-		      _ByteArrayInstPtr(dstBytes)->ba_element
-		      + _intVal(offset) - 1,
-		      _intVal(count),
-		      _intVal(codeLen))) {
+	if (__decodeGIF__(__ByteArrayInstPtr(srcBytes)->ba_element,
+		          __ByteArrayInstPtr(dstBytes)->ba_element
+						+__intVal(offset) - 1,
+		          __intVal(count),
+		          __intVal(codeLen),
+			  __byteArraySize(srcBytes),
+			  __byteArraySize(dstBytes)
+			 )) {
 	    RETURN ( self );
 	}
     }
@@ -1158,10 +1202,13 @@
     if (__isByteArray(srcBytes) 
      && __isByteArray(dstBytes)
      && __bothSmallInteger(offset, count)) {
-	if (__decodeLZW__(_ByteArrayInstPtr(srcBytes)->ba_element,
-		      _ByteArrayInstPtr(dstBytes)->ba_element
-		      + _intVal(offset) - 1,
-		      _intVal(count))) {
+	if (__decodeLZW__(__ByteArrayInstPtr(srcBytes)->ba_element,
+		          __ByteArrayInstPtr(dstBytes)->ba_element
+		                              + __intVal(offset) - 1,
+		          __intVal(count),
+			  __byteArraySize(srcBytes),
+			  __byteArraySize(dstBytes)
+			)) {
 	    RETURN ( self );
 	}
     }
@@ -1889,5 +1936,5 @@
 !ImageReader class methodsFor:'documentation'!
 
 version
-    ^ '$Header: /cvs/stx/stx/libview/ImageReader.st,v 1.57 1998-01-16 15:09:34 cg Exp $'
+    ^ '$Header: /cvs/stx/stx/libview/ImageReader.st,v 1.58 1998-01-19 17:16:05 cg Exp $'
 ! !
hg/stx-libview