
Side by Side Diff: Source/core/platform/image-decoders/gif/GIFImageReader.cpp

Issue 25422003: Ignore unsupported disposal methods when decoding GIF (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Add test Created 7 years, 2 months ago
OLDNEW
1 /* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 1 /* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* ***** BEGIN LICENSE BLOCK ***** 2 /* ***** BEGIN LICENSE BLOCK *****
3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
4 * 4 *
5 * The contents of this file are subject to the Mozilla Public License Version 5 * The contents of this file are subject to the Mozilla Public License Version
6 * 1.1 (the "License"); you may not use this file except in compliance with 6 * 1.1 (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at 7 * the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/MPL/ 8 * http://www.mozilla.org/MPL/
9 * 9 *
10 * Software distributed under the License is distributed on an "AS IS" basis, 10 * Software distributed under the License is distributed on an "AS IS" basis,
(...skipping 538 matching lines...) Expand 10 before | Expand all | Expand 10 after
549 addFrameIfNecessary(); 549 addFrameIfNecessary();
550 GIFFrameContext* currentFrame = m_frames.last().get(); 550 GIFFrameContext* currentFrame = m_frames.last().get();
551 if (*currentComponent & 0x1) 551 if (*currentComponent & 0x1)
552 currentFrame->setTransparentPixel(currentComponent[3]); 552 currentFrame->setTransparentPixel(currentComponent[3]);
553 553
554 // We ignore the "user input" bit. 554 // We ignore the "user input" bit.
555 555
556 // NOTE: This relies on the values in the FrameDisposalMethod enum 556 // NOTE: This relies on the values in the FrameDisposalMethod enum
557 // matching those in the GIF spec! 557 // matching those in the GIF spec!
558 int disposalMethod = ((*currentComponent) >> 2) & 0x7; 558 int disposalMethod = ((*currentComponent) >> 2) & 0x7;
559 currentFrame->setDisposalMethod(static_cast<WebCore::ImageFrame::Dis posalMethod>(disposalMethod)); 559 if (disposalMethod < 4) {
560 // Some specs say that disposal method 3 is "overwrite previous", ot hers that setting 560 currentFrame->setDisposalMethod(static_cast<WebCore::ImageFrame: :DisposalMethod>(disposalMethod));
561 // the third bit of the field (i.e. method 4) is. We map both to the same value. 561 } else if (disposalMethod == 4) {
562 if (disposalMethod == 4) 562 // Some specs say that disposal method 3 is "overwrite previous" , others that setting
563 // the third bit of the field (i.e. method 4) is. We map both to the same value.
563 currentFrame->setDisposalMethod(WebCore::ImageFrame::DisposeOver writePrevious); 564 currentFrame->setDisposalMethod(WebCore::ImageFrame::DisposeOver writePrevious);
565 }
564 currentFrame->setDelayTime(GETINT16(currentComponent + 1) * 10); 566 currentFrame->setDelayTime(GETINT16(currentComponent + 1) * 10);
565 GETN(1, GIFConsumeBlock); 567 GETN(1, GIFConsumeBlock);
566 break; 568 break;
567 } 569 }
568 570
569 case GIFCommentExtension: { 571 case GIFCommentExtension: {
570 if (*currentComponent) 572 if (*currentComponent)
571 GETN(*currentComponent, GIFConsumeComment); 573 GETN(*currentComponent, GIFConsumeComment);
572 else 574 else
573 GETN(1, GIFImageStart); 575 GETN(1, GIFImageStart);
(...skipping 208 matching lines...) Expand 10 before | Expand all | Expand 10 after
782 // Clearing the whole suffix table lets us be more tolerant of bad data. 784 // Clearing the whole suffix table lets us be more tolerant of bad data.
783 memset(suffix, 0, sizeof(suffix)); 785 memset(suffix, 0, sizeof(suffix));
784 786
785 // Clearing the whole prefix table to prevent uninitialized access. 787 // Clearing the whole prefix table to prevent uninitialized access.
786 memset(prefix, 0, sizeof(prefix)); 788 memset(prefix, 0, sizeof(prefix));
787 for (int i = 0; i < clearCode; i++) 789 for (int i = 0; i < clearCode; i++)
788 suffix[i] = i; 790 suffix[i] = i;
789 stackp = 0; 791 stackp = 0;
790 return true; 792 return true;
791 } 793 }
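Review bot: The new `if (disposalMethod < 4)` guard at new lines 559–565 hard-codes the enum's upper bound, so the cast of a file-controlled 3-bit field stays in range only while the FrameDisposalMethod values keep matching the GIF spec, which the NOTE above it states but nothing enforces. A compile-time check next to the cast, for example `COMPILE_ASSERT(WebCore::ImageFrame::DisposeOverwritePrevious == 3, disposal_method_matches_gif_spec);` if that macro is available in this file, would turn the comment into a build failure when the enum changes. Values 5–7 now fall through with no call at all, so the frame keeps whatever disposal method its constructor set, which is not visible here; a short comment such as `// Methods 5-7 are undefined; keep the frame's default disposal method.` would record that this is intentional. The enclosing case block starts above the visible lines.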