Fix handling of broken GIFs with weird frame sizes

Source/platform/image-decoders/gif/GIFImageReader.cpp

 /* -*- Mode: C; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
  *
  * Software distributed under the License is distributed on an "AS IS" basis,
@@ skipping 416 matching lines @@
                 m_version = 89;
             else if (!strncmp((char*)currentComponent, "GIF87a", 6))
                 m_version = 87;
             else
                 return false;
             GETN(7, GIFGlobalHeader);
             break;
         }
 
         case GIFGlobalHeader: {
-            // This is the height and width of the "screen" or frame into which images are rendered. The
-            // individual images can be smaller than the screen size and located with an origin anywhere
-            // within the screen.
+            // This is the height and width of the "screen" or frame into which
+            // images are rendered. The individual images can be smaller than
+            // the screen size and located with an origin anywhere within the
+            // screen.
+            // Note that we don't inform the client of the size yet, as it might
+            // change after we read the first frame's image header.
             m_screenWidth = GETINT16(currentComponent);
             m_screenHeight = GETINT16(currentComponent + 2);
 
-            // CALLBACK: Inform the decoderplugin of our size.
-            // Note: A subsequent frame might have dimensions larger than the "screen" dimensions.
-            if (m_client && !m_client->setSize(m_screenWidth, m_screenHeight))
-                return false;
-
             const size_t globalColorMapColors = 2 << (currentComponent[4] & 0x07);
 
             if ((currentComponent[4] & 0x80) && globalColorMapColors > 0) { /* global map */
                 m_globalColorMap.setTablePositionAndSize(dataPosition, globalColorMapColors);
                 GETN(BYTES_PER_COLORMAP_ENTRY * globalColorMapColors, GIFGlobalColormap);
                 break;
             }
 
             GETN(1, GIFImageStart);
             break;
@@ skipping 167 matching lines @@
             unsigned height, width, xOffset, yOffset;
 
             /* Get image offsets, with respect to the screen origin */
             xOffset = GETINT16(currentComponent);
             yOffset = GETINT16(currentComponent + 2);
 
             /* Get image width and height. */
             width  = GETINT16(currentComponent + 4);
             height = GETINT16(currentComponent + 6);
 
-            /* Work around broken GIF files where the logical screen
-             * size has weird width or height.  We assume that GIF87a
-             * files don't contain animations.
-             */
-            if (currentFrameIsFirstFrame()
-                && ((m_screenHeight < height) || (m_screenWidth < width) || (m_version == 87))) {
-                m_screenHeight = height;
-                m_screenWidth = width;
-                xOffset = 0;
-                yOffset = 0;
-
-                // CALLBACK: Inform the decoderplugin of our size.
-                if (m_client && !m_client->setSize(m_screenWidth, m_screenHeight))
-                    return false;
+            // Some GIF files have frames that don't fit in the specified
+            // overall image size. For the first frame, we can simply enlarge
+            // the image size to allow the frame to be visible.  We can't do
+            // this on subsequent frames because the rest of the decoding
+            // infrastructure assumes the image size won't change as we
+            // continue decoding, so any subsequent frames that are even
+            // larger will be cropped.
+            // Luckily, handling just the first frame is sufficient to deal
+            // with most cases, e.g. ones where the image size is erroneously
+            // set to zero, since usually the first frame completely fills
+            // the image.
+            if (currentFrameIsFirstFrame()) {
+                m_screenHeight = std::max(m_screenHeight, yOffset + height);
+                m_screenWidth = std::max(m_screenWidth, xOffset + width);
             }
 
-            // Work around more broken GIF files that have zero image width or height
-            if (!height || !width) {
-                height = m_screenHeight;
-                width = m_screenWidth;
-                if (!height || !width)
-                    return false;
-            }
+            // Inform the client of the final size.
+            if (!m_sentSizeToClient && m_client && !m_client->setSize(m_screenWidth, m_screenHeight))
+                return false;
+            m_sentSizeToClient = true;
 
             if (query == GIFImageDecoder::GIFSizeQuery) {
                 // The decoder needs to stop. Hand back the number of bytes we consumed from
                 // buffer minus 9 (the amount we consumed to read the header).
                 setRemainingBytes(len + 9);
                 GETN(9, GIFImageHeader);
                 return true;
             }
 
             addFrameIfNecessary();
             GIFFrameContext* currentFrame = m_frames.last().get();
 
             currentFrame->setHeaderDefined();
+
+            // Work around more broken GIF files that have zero image width or
+            // height.
+            if (!height || !width) {
+                height = m_screenHeight;
+                width = m_screenWidth;
+                if (!height || !width)
+                    return false;
+            }
             currentFrame->setRect(xOffset, yOffset, width, height);
-            m_screenWidth = std::max(m_screenWidth, width);
-            m_screenHeight = std::max(m_screenHeight, height);
             currentFrame->setInterlaced(currentComponent[8] & 0x40);
 
             // Overlaying interlaced, transparent GIFs over
             // existing image data using the Haeberli display hack
             // requires saving the underlying image in order to
             // avoid jaggies at the transparency edges. We are
             // unprepared to deal with that, so don't display such
             // images progressively. Which means only the first
             // frame can be progressively displayed.
             // FIXME: It is possible that a non-transparent frame
@@ skipping 107 matching lines @@
     rowIter = rowBuffer.begin();
     rowsRemaining = m_frameContext->height();
 
     // Clearing the whole suffix table lets us be more tolerant of bad data.
     for (int i = 0; i < clearCode; ++i) {
         suffix[i] = i;
         suffixLength[i] = 1;
     }
     return true;
 }