]> git.sesse.net Git - ffmpeg/blobdiff - libavcodec/lzw.c
projects / ffmpeg / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
lavfi/hflip: copy palette data in start_frame()
[ffmpeg] / libavcodec / lzw.c
diff --git a/libavcodec/lzw.c b/libavcodec/lzw.c
index 185a05d6abf899fdd7bddc4349f0df011cb998e7..19f3e110f48582886cc994efe66ca4c6b39c1ef5 100644 (file)
--- a/libavcodec/lzw.c
+++ b/libavcodec/lzw.c
@@ -101,9 +101,14 @@ void ff_lzw_decode_tail(LZWState *p)
     struct LZWState *s = (struct LZWState *)p;
 
     if(s->mode == FF_LZW_GIF) {
-        while(s->pbuf < s->ebuf && s->bs>0){
-            s->pbuf += s->bs;
-            s->bs = *s->pbuf++;
+        while (s->bs > 0) {
+            if (s->bs >= s->ebuf - s->pbuf) {
+                s->pbuf = s->ebuf;
+                break;
+            } else {
+                s->pbuf += s->bs;
+                s->bs = *s->pbuf++;
+            }
         }
     }else
         s->pbuf= s->ebuf;
@@ -185,6 +190,10 @@ int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){
             if ((--l) == 0)
                 goto the_end;
         }
+        if (s->ebuf < s->pbuf) {
+            av_log(0, AV_LOG_ERROR, "lzw overread\n");
+            goto the_end;
+        }
         c = lzw_get_code(s);
         if (c == s->end_code) {
             break;
Unnamed repository; edit this file 'description' to name the repository.