fix gif import crash

Change-Id: I3a5e0efef6843fb8f8b485fa2369ac5b99513c31 (cherry picked from commit 839e051c658a638a259be6a6bb091b654fac405f) Reviewed-on: https://gerrit.libreoffice.org/17003 Reviewed-by: David Tardon <dtardon@redhat.com> Reviewed-by: Eike Rathke <erack@redhat.com> Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2015-07-11 15:31:19 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2015-07-14 11:15:02 +0000
commit: 6029d711a7af1a68ffa8d0cb0a0bd8092984f659 (patch)
tree: 205e010d31dcf4e6988d198f9adab9f680ccd9d0
parent: emf: fix another hang (diff)
download: core-6029d711a7af1a68ffa8d0cb0a0bd8092984f659.tar.gz
core-6029d711a7af1a68ffa8d0cb0a0bd8092984f659.zip
2 files changed, 2 insertions, 0 deletions
diff --git a/vcl/qa/cppunit/graphicfilter/data/gif/pass/crash-1.gif b/vcl/qa/cppunit/graphicfilter/data/gif/pass/crash-1.gif
new file mode 100644
index 000000000000..860f9e1d8fae
--- /dev/null
+++ b/vcl/qa/cppunit/graphicfilter/data/gif/pass/crash-1.gif
diff --git a/vcl/source/filter/igif/decode.cxx b/vcl/source/filter/igif/decode.cxx
index 46a666f812ae..1b18f5ee134a 100644
--- a/vcl/source/filter/igif/decode.cxx
+++ b/vcl/source/filter/igif/decode.cxx
@@ -197,6 +197,8 @@ bool GIFLZWDecompressor::ProcessOneCode()
         pE = pTable + nCode;
         do
         {
+            if (pOutBufData == pOutBuf) //can't go back past start
+                return false;
             nOutBufDataLen++;
             *(--pOutBufData) = pE->nData;
             pE = pE->pPrev;
author	Caolán McNamara <caolanm@redhat.com>	2015-07-11 15:31:19 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2015-07-14 11:15:02 +0000
commit	6029d711a7af1a68ffa8d0cb0a0bd8092984f659 (patch)
tree	205e010d31dcf4e6988d198f9adab9f680ccd9d0
parent	emf: fix another hang (diff)
download	core-6029d711a7af1a68ffa8d0cb0a0bd8092984f659.tar.gz core-6029d711a7af1a68ffa8d0cb0a0bd8092984f659.zip