From 9955707b23f3d692955b6601449d655b7ab2242e Mon Sep 17 00:00:00 2001
From: "reed%reedloden.com" <reed%reedloden.com>
Date: Thu, 24 Jan 2008 09:29:38 +0000
Subject: [PATCH] Bug 413373 - "Crash [@nsGIFDecoder2::DoLzw] when loading GIF
 file" (detect malformed LZW encoding [p=alfredkayser@gmail.com (Alfred
 Kayser) r=stuart sr=tor a1.9=beltzner]

---
 modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp b/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp
index 5d8eb9728f2..9a7a1e4edf0 100644
--- a/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp
+++ b/modules/libpr0n/decoders/gif/nsGIFDecoder2.cpp
@@ -590,6 +590,8 @@ nsGIFDecoder2::DoLzw(const PRUint8 *q)
       }
 
       if (oldcode == -1) {
+        if (code >= MAX_BITS)
+          return PR_FALSE;
         *rowp++ = suffix[code];
         if (rowp == rowend)
           OUTPUT_ROW();