Added bounds checking to prevent lzwImageData buffer overflow, part of …

…#2
pixelmatix · Oct 3, 2014 · acf5d60 · acf5d60
1 parent a52e8a0
commit acf5d60
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/GIFParseFunctions.cpp b/GIFParseFunctions.cpp
@@ -485,12 +485,24 @@ void parseTableBasedImage() {
     int dataBlockSize = readByte();
     while (dataBlockSize != 0) {
 #if DEBUG == 1
-    Serial.print("datablocksize: ");
+    Serial.print("dataBlockSize: ");
     Serial.println(dataBlockSize);
 #endif
         backUpStream(1);
         dataBlockSize++;
+        // quick fix to prevent a crash if lzwImageData is not large enough
+        if(offset + dataBlockSize <= sizeof(lzwImageData)) {
         readIntoBuffer(lzwImageData + offset, dataBlockSize);
+        } else {
+            int i;
+            // discard the data block that would cause a buffer overflow
+            for(i=0; i<dataBlockSize; i++)
+                file.read();
+#if DEBUG == 1
+            Serial.print("******* Prevented lzwImageData Overflow ******");
+#endif
+        }
+
         offset += dataBlockSize;
         dataBlockSize = readByte();
     }