Bug 4802

Summary: fix detecting truncated files in IMG_gif.c
Product: SDL_image
Reporter: Ozkan Sezer <sezeroz>
Component: misc
Assignee: Sam Lantinga <slouken>
Status: RESOLVED FIXED
QA Contact: Sam Lantinga <slouken>
Severity: normal
Priority: P2
Version: unspecified
Hardware: All
OS: All
Attachments:
    patch for SDL2_image-2.x
    patch for SDL_image-1.2.x
    updated patch for SDL_image-1.2.x
    updated patch for SDL2_image-2.0.x

Description Ozkan Sezer 2019-09-11 20:37:36 UTC
Created attachment 3966 [details]
patch for SDL2_image-2.x

Commit https://hg.libsdl.org/SDL_image/rev/19beb4a1bb54 by Ryan
(gif: Don't get into infinite loops on truncated files) changes
a zero check to a zero-or-negative check in GetCode().  However,
the checked variable count is an unsigned char and we can never
catch negative returns from GetDataBlock() that way there.

I suggest something like the following (also attached):

diff --git a/IMG_gif.c b/IMG_gif.c
--- a/IMG_gif.c
+++ b/IMG_gif.c
@@ -405,8 +405,10 @@ GetCode(SDL_RWops *src, int code_size, i
         state->buf[0] = state->buf[state->last_byte - 2];
         state->buf[1] = state->buf[state->last_byte - 1];
 
-        if ((count = GetDataBlock(src, &state->buf[2], state)) <= 0)
+        ret = GetDataBlock(src, &state->buf[2], state);
+        if (ret <= 0)
             state->done = TRUE;
+        count = (ret > 0)? (unsigned char)ret : 0;
 
         state->last_byte = 2 + count;
         state->curbit = (state->curbit - state->lastbit) + 16;
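Review bot: ret is assigned in the added line "ret = GetDataBlock(src, &state->buf[2], state);" but no declaration for it appears in this hunk; it has to be a signed int local in GetCode(), otherwise the "ret <= 0" test has the same blind spot as the unsigned char count it replaces. After "state->done = TRUE" the code still falls through to "state->last_byte = 2 + count" and the curbit update with count forced to 0, so consider returning right there on ret < 0 rather than continuing with a buffer that received no new data. Minor style point: "(ret > 0)? " wants a space before the "?".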

We still aren't immediately returning, but at least we shall be
able to catch a truncated file.

OK to push?
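
The narrowing problem described in the report above, as an added example that is not part of the original post and is not SDL_image code. read_block, Stream, detect_narrowed, detect_signed, run and the TRUNCATED sample bytes are constructed stand-ins for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-in for a sub-block reader (not SDL_image code):
 * returns the block length 0..255, or -1 when the input ends early. */
typedef struct { const unsigned char *data; size_t len, pos; } Stream;

static int read_block(Stream *s, unsigned char *out) {
    size_t n, i;
    if (s->pos >= s->len) return -1;       /* no length byte left */
    n = s->data[s->pos++];
    if (s->len - s->pos < n) return -1;    /* payload cut short */
    for (i = 0; i < n; i++) out[i] = s->data[s->pos++];
    return (int)n;
}

/* Reported pattern: the result is narrowed to unsigned char before the
 * test, so -1 arrives as 255 and "<= 0" only ever matches 0. */
static int detect_narrowed(Stream *s, unsigned char *buf, int *last_byte) {
    unsigned char count;
    int done = 0;
    if ((count = read_block(s, buf)) <= 0)
        done = 1;
    *last_byte = 2 + count;
    return done;
}

/* Patched pattern: test the signed result first, then narrow. */
static int detect_signed(Stream *s, unsigned char *buf, int *last_byte) {
    int ret = read_block(s, buf);
    unsigned char count = (ret > 0) ? (unsigned char)ret : 0;
    *last_byte = 2 + count;
    return ret <= 0;
}

/* Constructed sample: length byte says 4, only 2 payload bytes follow. */
static const unsigned char TRUNCATED[] = { 0x04, 0xAA, 0xBB };

static int run(int (*detect)(Stream *, unsigned char *, int *), int want_last) {
    unsigned char buf[256];
    Stream s = { TRUNCATED, sizeof TRUNCATED, 0 };
    int last_byte = 0;
    int done = detect(&s, buf, &last_byte);
    return want_last ? last_byte : done;   /* pick which result to report */
}

int main(void) {
    printf("narrowed: done=%d last_byte=%d\n", run(detect_narrowed, 0), run(detect_narrowed, 1));
    printf("signed:   done=%d last_byte=%d\n", run(detect_signed, 0), run(detect_signed, 1));
}
```

With the narrowed check the truncated input goes unnoticed and last_byte is computed from a bogus count of 255; with the signed check the truncation is flagged and last_byte stays at 2.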
Comment 1 Ozkan Sezer 2019-09-11 20:38:10 UTC
Created attachment 3967 [details]
patch for SDL_image-1.2.x
Comment 2 Ozkan Sezer 2019-09-12 09:03:29 UTC
Created attachment 3968 [details]
updated patch for SDL_image-1.2.x

updated patch for SDL_image-1.2.x
Comment 3 Ozkan Sezer 2019-09-12 09:04:14 UTC
Created attachment 3969 [details]
updated patch for SDL2_image-2.0.x

updated patch for SDL2_image-2.0.x
Comment 4 Ozkan Sezer 2019-09-16 18:12:29 UTC
Applied the patches:
http://hg.libsdl.org/SDL_image/rev/9fdd742bc446
http://hg.libsdl.org/SDL_image/rev/6ee16d592de2

If it can be improved further, please do so.