struct LZWState *s = (struct LZWState *)p;
if(s->mode == FF_LZW_GIF) {
- while(s->pbuf < s->ebuf && s->bs>0){
- s->pbuf += s->bs;
- s->bs = *s->pbuf++;
+ while (s->bs > 0) {
+ if (s->bs >= s->ebuf - s->pbuf) {
+ s->pbuf = s->ebuf;
+ break;
+ } else {
+ s->pbuf += s->bs;
+ s->bs = *s->pbuf++;
+ }
}
}else
s->pbuf= s->ebuf;
if ((--l) == 0)
goto the_end;
}
+ if (s->ebuf < s->pbuf) {
+ av_log(0, AV_LOG_ERROR, "lzw overread\n");
+ goto the_end;
+ }
c = lzw_get_code(s);
if (c == s->end_code) {
break;