# External patch:
# Backported to GD2 Version 2.0.35
--- gd_gif_in.c 2007-06-14 12:51:41.000000000 -0700
+++ gd_gif_in.c 2015-04-06 11:11:40.591453962 -0700
@@ -70,8 +70,10 @@
#define STACK_SIZE ((1<<(MAX_LWZ_BITS))*2)
+#define CSD_BUF_SIZE 280
+
typedef struct {
- unsigned char buf[280];
+ unsigned char buf[CSD_BUF_SIZE];
int curbit, lastbit, done, last_byte;
} CODE_STATIC_DATA;
@@ -380,8 +382,14 @@
}
ret = 0;
- for (i = scd->curbit, j = 0; j < code_size; ++i, ++j)
+ for (i = scd->curbit, j = 0; j < code_size; ++i, ++j) {
+ if (i < CSD_BUF_SIZE * 8) {
ret |= ((scd->buf[ i / 8 ] & (1 << (i % 8))) != 0) << j;
+ } else {
+ ret = -1;
+ break;
+ }
+ }
scd->curbit += code_size;
return ret;