LibGfx: add bounds checking before set_pixel call in GIF decoder

This fixes a crash when a GIF frame extends beyond the limits of the logical screen, causing writes past the end of the frame buffer
Author: https://github.com/peterdn Commit: https://github.com/SerenityOS/serenity/commit/5567408bab9 Pull-request: https://github.com/SerenityOS/serenity/pull/3899 Issue: https://github.com/SerenityOS/serenity/issues/3484 Reviewed-by: https://github.com/awesomekling
2020-11-01 15:26:26 +00:00 · 2020-11-01 15:26:26 +00:00 · 5567408bab · 2024-07-19 01:35:40 +09:00
commit 5567408bab
parent a28f29c82c
1 changed files with 1 additions and 1 deletions
--- a/Libraries/LibGfx/GIFLoader.cpp
+++ b/Libraries/LibGfx/GIFLoader.cpp
@ -355,7 +355,7 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
                int x = pixel_index % image.width + image.x;
                int y = row + image.y;

-                if (!image.transparent || color != image.transparency_index) {
+                if (context.frame_buffer->rect().contains(x, y) && (!image.transparent || color != image.transparency_index)) {
                    context.frame_buffer->set_pixel(x, y, c);
                }