Merge 52833 - Public GIF decoder should stop decoding when allocation fails...

WebCore/platform/image-decoders/gif/GIFImageReader.cpp

 /* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
@@ skipping 86 matching lines @@
   PR_BEGIN_MACRO                     \
     bytes_to_consume = (n);      \
     state = (s);                 \
   PR_END_MACRO
 
 /* Get a 16-bit value stored in little-endian format */
 #define GETINT16(p)   ((p)[1]<<8|(p)[0])
 
 //******************************************************************************
 // Send the data to the display front-end.
-void GIFImageReader::output_row()
+bool GIFImageReader::output_row()
 {
   GIFFrameReader* gs = frame_reader;
 
   int drow_start, drow_end;
 
   drow_start = drow_end = gs->irow;
 
   /*
    * Haeberli-inspired hack for interlaced GIFs: Replicate lines while
    * displaying to diminish the "venetian-blind" effect as the image is
@@ skipping 29 matching lines @@
 
     /* Clamp first and last rows to upper and lower edge of image. */
     if (drow_start < 0)
       drow_start = 0;
     if ((unsigned)drow_end >= gs->height)
       drow_end = gs->height - 1;
   }
 
   /* Protect against too much image data */
   if ((unsigned)drow_start >= gs->height)
-    return;
+    return true;
 
   // CALLBACK: Let the client know we have decoded a row.
-  if (clientptr && frame_reader)
-    clientptr->haveDecodedRow(images_count - 1, frame_reader->rowbuf, frame_reader->rowend,
-                              drow_start, drow_end - drow_start + 1,
-                              gs->progressive_display && gs->interlaced && gs->ipass > 1);
+  if (clientptr && frame_reader &&
+      !clientptr->haveDecodedRow(images_count - 1, frame_reader->rowbuf, frame_reader->rowend,
+                                 drow_start, drow_end - drow_start + 1,
+                                 gs->progressive_display && gs->interlaced && gs->ipass > 1))
+    return false;
 
   gs->rowp = gs->rowbuf;
 
   if (!gs->interlaced)
     gs->irow++;
   else {
     do {
       switch (gs->ipass)
       {
         case 1:
@@ skipping 26 matching lines @@
             gs->ipass++;
             gs->irow = 0;
           }
           break;
 
         default:
           break;
       }
     } while (gs->irow > (gs->height - 1));
   }
+
+  return true;
 }
 
 //******************************************************************************
 /* Perform Lempel-Ziv-Welch decoding */
-int GIFImageReader::do_lzw(const unsigned char *q)
+bool GIFImageReader::do_lzw(const unsigned char *q)
 {
   GIFFrameReader* gs = frame_reader;
   if (!gs)
-    return 0;
+    return true;
 
   int code;
   int incode;
   const unsigned char *ch;
   
   /* Copy all the decoder state variables into locals so the compiler
    * won't worry about them being aliased.  The locals will be homed
    * back into the GIF decoder structure when we exit.
    */
   int avail       = gs->avail;
@@ skipping 13 matching lines @@
 
   unsigned short *prefix  = gs->prefix;
   unsigned char *stackp   = gs->stackp;
   unsigned char *suffix   = gs->suffix;
   unsigned char *stack    = gs->stack;
   unsigned char *rowp     = gs->rowp;
   unsigned char *rowend   = gs->rowend;
   unsigned rows_remaining = gs->rows_remaining;
 
   if (rowp == rowend)
-    return 0;
+    return true;
 
 #define OUTPUT_ROW                                                  \
   PR_BEGIN_MACRO                                                        \
-    output_row();                                                     \
+    if (!output_row())                                                     \
+      return false;                                                        \
     rows_remaining--;                                                   \
     rowp = frame_reader->rowp;                                                    \
     if (!rows_remaining)                                                \
       goto END;                                                         \
   PR_END_MACRO
 
   for (ch = q; cnt-- > 0; ch++)
   {
     /* Feed the next byte into the decoder's 32-bit input buffer. */
     datum += ((int) *ch) << bits;
@@ skipping 12 matching lines @@
         codesize = gs->datasize + 1;
         codemask = (1 << codesize) - 1;
         avail = clear_code + 2;
         oldcode = -1;
         continue;
       }
 
       /* Check for explicit end-of-stream code */
       if (code == (clear_code + 1)) {
         /* end-of-stream should only appear after all image data */
-        if (rows_remaining != 0)
-          return -1;
-        return 0;
+        return rows_remaining == 0;
       }
 
       if (oldcode == -1) {
         *rowp++ = suffix[code];
         if (rowp == rowend)
           OUTPUT_ROW;
 
         firstchar = oldcode = code;
         continue;
       }
 
       incode = code;
       if (code >= avail) {
         *stackp++ = firstchar;
         code = oldcode;
 
         if (stackp == stack + MAX_BITS)
-          return -1;
+          return false;
       }
 
       while (code >= clear_code)
       {
         if (code >= MAX_BITS || code == prefix[code])
-          return -1;
+          return false;
 
         // Even though suffix[] only holds characters through suffix[avail - 1],
         // allowing code >= avail here lets us be more tolerant of malformed
         // data. As long as code < MAX_BITS, the only risk is a garbled image,
         // which is no worse than refusing to display it.
         *stackp++ = suffix[code];
         code = prefix[code];
 
         if (stackp == stack + MAX_BITS)
-          return -1;
+          return false;
       }
 
       *stackp++ = firstchar = suffix[code];
 
       /* Define a new codeword in the dictionary. */
       if (avail < 4096) {
         prefix[avail] = oldcode;
         suffix[avail] = firstchar;
         avail++;
 
@@ skipping 26 matching lines @@
   gs->codesize = codesize;
   gs->codemask = codemask;
   count = cnt;
   gs->oldcode = oldcode;
   gs->firstchar = firstchar;
   gs->datum = datum;
   gs->stackp = stackp;
   gs->rowp = rowp;
   gs->rows_remaining = rows_remaining;
 
-  return 0;
+  return true;
 }
 
 
 /******************************************************************************/
 /*
  * process data arriving from the stream for the gif decoder
  */
 
 bool GIFImageReader::read(const unsigned char *buf, unsigned len, 
                      GIFImageDecoder::GIFQuery query, unsigned haltAtFrame)
@@ skipping 48 matching lines @@
   //    So that next round in for loop, q gets pointed to the next buffer.
 
   for (;len >= bytes_to_consume; q=buf) {
     // Eat the current block from the buffer, q keeps pointed at current block
     buf += bytes_to_consume;
     len -= bytes_to_consume;
 
     switch (state)
     {
     case gif_lzw:
-      if (do_lzw(q) < 0) {
+      if (!do_lzw(q)) {
         state = gif_error;
         break;
       }
       GETN(1, gif_sub_block);
       break;
 
     case gif_lzw_start:
     {
       /* Initialize LZW parser/decoder */
       int datasize = *q;
@@ skipping 487 matching lines @@
       p = hold;
     if (p)
       memcpy(p, buf, len);
     bytes_to_consume -= len;
   }
 
   if (clientptr)
     clientptr->decodingHalted(0);
   return true;
 }