fix another gif import crash

Change-Id: I0ffa569e0c4240e11184df7dd56b95d87a12425d (cherry picked from commit ee35b72064d8d1333709b102b051360018f8044b) Reviewed-on: https://gerrit.libreoffice.org/17002 Reviewed-by: David Tardon <dtardon@redhat.com> Reviewed-by: Caolán McNamara <caolanm@redhat.com> Tested-by: Caolán McNamara <caolanm@redhat.com>
author: Caolán McNamara <caolanm@redhat.com> 2015-07-12 10:56:48 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2015-07-14 11:41:59 +0000
commit: 11fb5b5cce6ebb857bd6ede39815b37256db3e1f (patch)
tree: 209f7b6fefaba38bbba720103428499f405bb9c7
parent: 6029d711a7af1a68ffa8d0cb0a0bd8092984f659 (diff)
2 files changed, 3 insertions, 0 deletions
diff --git a/vcl/qa/cppunit/graphicfilter/data/gif/pass/crash-2.gif b/vcl/qa/cppunit/graphicfilter/data/gif/pass/crash-2.gif
new file mode 100644
index 000000000000..b7265f807d51
--- /dev/null
+++ b/vcl/qa/cppunit/graphicfilter/data/gif/pass/crash-2.gif
diff --git a/vcl/source/filter/igif/decode.cxx b/vcl/source/filter/igif/decode.cxx
index 1b18f5ee134a..2b445e9e1d5a 100644
--- a/vcl/source/filter/igif/decode.cxx
+++ b/vcl/source/filter/igif/decode.cxx
@@ -193,6 +193,9 @@ bool GIFLZWDecompressor::ProcessOneCode()
 
         nOldCode = nCode;
 
+        if (nCode > 4096)
+            return false;
+
         // write character(/-sequence) of code nCode in the output buffer:
         pE = pTable + nCode;
         do
author	Caolán McNamara <caolanm@redhat.com>	2015-07-12 10:56:48 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2015-07-14 11:41:59 +0000
commit	11fb5b5cce6ebb857bd6ede39815b37256db3e1f (patch)
tree	209f7b6fefaba38bbba720103428499f405bb9c7
parent	6029d711a7af1a68ffa8d0cb0a0bd8092984f659 (diff)