virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-03-28 12:32:17 +02:00
Code Issues Releases Activity

check input validity, this prevents a few variables from reachin odd values which might have lead to out of array writes and thus might have been exploitable

Browse Source 
Originally committed as revision 8522 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Michael Niedermayer 2007-03-25 23:37:38 +00:00
parent 34a370cb0c
commit 0cb7f8a260
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/lzw.c
View File

@ -196,7 +196,6 @@ int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){
} }
c = lzw_get_code(s); c = lzw_get_code(s);
if (c == s->end_code) { if (c == s->end_code) {
s->end_code = -1;
break; break;
} else if (c == s->clear_code) { } else if (c == s->clear_code) {
s->cursize = s->codesize + 1; s->cursize = s->codesize + 1;
@ -206,10 +205,11 @@ int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){
fc= oc= -1; fc= oc= -1;
} else { } else {
code = c; code = c;
if (code >= s->slot) { if (code == s->slot && fc>=0) {
*sp++ = fc; *sp++ = fc;
code = oc; code = oc;
} }else if(code >= s->slot)
break;
while (code >= s->newcodes) { while (code >= s->newcodes) {
*sp++ = s->suffix[code]; *sp++ = s->suffix[code];
code = s->prefix[code]; code = s->prefix[code];
@ -229,6 +229,7 @@ int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){
} }
} }
} }
s->end_code = -1;
the_end: the_end:
s->sp = sp; s->sp = sp;
s->oc = oc; s->oc = oc;