avformat/img2dec: fix infinite loop

Fixes: kira-poc
Found-by: Kira <kira_cxy@foxmail.com>
Change suggested by Kira
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c
index 62db0d92cf3e25bb361da693bbfe88a5c8fd03ec..f3f52c83b355ad00f9cc2f49f67f2e47337d143a 100644 (file)
--- a/libavformat/img2dec.c
+++ b/libavformat/img2dec.c
@@ -878,10 +878,14 @@ static int svg_probe(AVProbeData *p)
 {
     const uint8_t *b = p->buf;
     const uint8_t *end = p->buf + p->buf_size;
+
     if (memcmp(p->buf, "<?xml", 5))
         return 0;
     while (b < end) {
-        b += ff_subtitles_next_line(b);
+        int inc = ff_subtitles_next_line(b);
+        if (!inc)
+            break;
+        b += inc;
         if (b >= end - 4)
             return 0;
         if (!memcmp(b, "<svg", 4))