libnsgif: Don't limit file offsets to 32 bits

Fixes #50 (GitHub).
hpjansson · Feb 7, 2021 · d55f068 · d55f068
1 parent 3a86d8b
commit d55f068
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 23 deletions.
diff --git a/libnsgif/libnsgif.c b/libnsgif/libnsgif.c
@@ -123,8 +123,8 @@ static gif_result
 gif_initialise_frame_extensions(gif_animation *gif, const int frame)
 {
         const unsigned char *gif_data, *gif_end;
-        int gif_bytes;
-        unsigned int block_size;
+        ssize_t gif_bytes;
+        ssize_t block_size;
 
         /* Get our buffer position etc.	*/
         gif_data = (const unsigned char *)(gif->gif_data + gif->buffer_position);
@@ -255,10 +255,10 @@ static gif_result gif_initialise_frame(gif_animation *gif)
         gif_frame *temp_buf;
 
         const unsigned char *gif_data, *gif_end;
-        int gif_bytes;
+        ssize_t gif_bytes;
         unsigned int flags = 0;
         unsigned int width, height, offset_x, offset_y;
-        unsigned int block_size, colour_table_size;
+        ssize_t block_size, colour_table_size;
         bool first_image = true;
         gif_result return_value;
         bool premature_eof = false;
@@ -287,9 +287,8 @@ static gif_result gif_initialise_frame(gif_animation *gif)
         /* We could theoretically get some junk data that gives us millions of
          * frames, so we ensure that we don't have a silly number
          */
-        if (frame > 4096) {
+        if (frame > 262143)
                 return GIF_FRAME_DATA_ERROR;
-        }
 
         /* Get some memory to store our pointers in etc. */
         if ((int)gif->frame_holders <= frame) {
@@ -435,7 +434,7 @@ static gif_result gif_initialise_frame(gif_animation *gif)
                 if (gif_bytes < 1) return GIF_INSUFFICIENT_FRAME_DATA;
                 block_size = gif_data[0] + 1;
                 /* Check if the frame data runs off the end of the file	*/
-                if ((int)(gif_bytes - block_size) < 0) {
+                if ((ssize_t)(gif_bytes - block_size) < 0) {
                         /* Try to recover by signaling the end of the gif.
                          * Once we get garbage data, there is no logical way to
                          * determine where the next frame is.  It's probably
@@ -484,8 +483,8 @@ static gif_result gif_initialise_frame(gif_animation *gif)
 static gif_result gif_skip_frame_extensions(gif_animation *gif)
 {
         const unsigned char *gif_data, *gif_end;
-        int gif_bytes;
-        unsigned int block_size;
+        ssize_t gif_bytes;
+        ssize_t block_size;
 
         /* Get our buffer position etc.	*/
         gif_data = (const unsigned char *)(gif->gif_data + gif->buffer_position);
@@ -585,13 +584,13 @@ gif_internal_decode_frame(gif_animation *gif,
 {
         unsigned int index = 0;
         const unsigned char *gif_data, *gif_end;
-        int gif_bytes;
+        ssize_t gif_bytes;
         unsigned int width, height, offset_x, offset_y;
         unsigned int flags, colour_table_size, interlace;
         unsigned int *colour_table;
         unsigned int *frame_data = 0;	// Set to 0 for no warnings
         unsigned int *frame_scanline;
-        unsigned int save_buffer_position;
+        ssize_t save_buffer_position;
         unsigned int return_value = 0;
         unsigned int x, y, decode_y, burst_bytes;
         register unsigned char colour;

diff --git a/libnsgif/libnsgif.h b/libnsgif/libnsgif.h
@@ -119,9 +119,9 @@ typedef struct gif_animation {
         /* Internal members are listed below */
 
         /** current index into GIF data */
-        unsigned int buffer_position;
+        ssize_t buffer_position;
         /** total number of bytes of GIF data available */
-        unsigned int buffer_size;
+        ssize_t buffer_size;
         /** current number of frame holders */
         unsigned int frame_holders;
         /** index in the colour table for the background colour */

diff --git a/libnsgif/lzw.c b/libnsgif/lzw.c
@@ -34,12 +34,12 @@
  */
 struct lzw_read_ctx {
 	const uint8_t *data;    /**< Pointer to start of input data */
-	uint32_t data_len;      /**< Input data length */
-	uint32_t data_sb_next;  /**< Offset to sub-block size */
+	uint64_t data_len;      /**< Input data length */
+	uint64_t data_sb_next;  /**< Offset to sub-block size */
 
 	const uint8_t *sb_data; /**< Pointer to current sub-block in data */
-	uint32_t sb_bit;        /**< Current bit offset in sub-block */
-	uint32_t sb_bit_count;  /**< Bit count in sub-block */
+	uint64_t sb_bit;        /**< Current bit offset in sub-block */
+	uint64_t sb_bit_count;  /**< Bit count in sub-block */
 };
 
 /**
@@ -113,8 +113,8 @@ void lzw_context_destroy(struct lzw_ctx *ctx)
  */
 static lzw_result lzw__block_advance(struct lzw_read_ctx *ctx)
 {
-	uint32_t block_size;
-	uint32_t next_block_pos = ctx->data_sb_next;
+	uint64_t block_size;
+	uint64_t next_block_pos = ctx->data_sb_next;
 	const uint8_t *data_next = ctx->data + next_block_pos;
 
 	if (next_block_pos >= ctx->data_len) {
@@ -264,8 +264,8 @@ static lzw_result lzw__clear_codes(
 lzw_result lzw_decode_init(
 		struct lzw_ctx *ctx,
 		const uint8_t *compressed_data,
-		uint32_t compressed_data_len,
-		uint32_t compressed_data_pos,
+		uint64_t compressed_data_len,
+		uint64_t compressed_data_pos,
 		uint8_t code_size,
 		const uint8_t ** const stack_base_out,
 		const uint8_t ** const stack_pos_out)

diff --git a/libnsgif/lzw.h b/libnsgif/lzw.h
@@ -75,8 +75,8 @@ void lzw_context_destroy(
 lzw_result lzw_decode_init(
 		struct lzw_ctx *ctx,
 		const uint8_t *compressed_data,
-		uint32_t compressed_data_len,
-		uint32_t compressed_data_pos,
+		uint64_t compressed_data_len,
+		uint64_t compressed_data_pos,
 		uint8_t code_size,
 		const uint8_t ** const stack_base_out,
 		const uint8_t ** const stack_pos_out);