check input validity, this prevents a few variables from reachin odd values which might have lead to out of array writes and thus might have been exploitable

Originally committed as revision 8522 to svn://svn.ffmpeg.org/ffmpeg/trunk
2025-03-23 04:24:35 +02:00 · 2007-03-25 23:37:38 +00:00 · 2007-03-25 23:37:38 +00:00 · 0cb7f8a260
commit 0cb7f8a260
parent 34a370cb0c
1 changed files with 4 additions and 3 deletions
--- a/libavcodec/lzw.c
+++ b/libavcodec/lzw.c
@ -196,7 +196,6 @@ int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){
        }
        c = lzw_get_code(s);
        if (c == s->end_code) {
-            s->end_code = -1;
            break;
        } else if (c == s->clear_code) {
            s->cursize = s->codesize + 1;
@ -206,10 +205,11 @@ int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){
            fc= oc= -1;
        } else {
            code = c;
-            if (code >= s->slot) {
+            if (code == s->slot && fc>=0) {
                *sp++ = fc;
                code = oc;
-            }
+            }else if(code >= s->slot)
+                break;
            while (code >= s->newcodes) {
                *sp++ = s->suffix[code];
                code = s->prefix[code];
@ -229,6 +229,7 @@ int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){
            }
        }
    }
+    s->end_code = -1;
  the_end:
    s->sp = sp;
    s->oc = oc;