mirror of
https://github.com/FFmpeg/FFmpeg.git
Fix buffer end checks in lzo copy code to work in all cases.
Originally committed as revision 7731 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent
30b9d5f622
commit
cf0ef3dc34
@ -67,11 +67,11 @@ static inline int get_len(LZOContext *c, int x, int mask) {
|
||||
static inline void copy(LZOContext *c, int cnt) {
|
||||
register uint8_t *src = c->in;
|
||||
register uint8_t *dst = c->out;
|
||||
if (src + cnt > c->in_end) {
|
||||
if (src + cnt > c->in_end || src + cnt < src) {
|
||||
cnt = c->in_end - src;
|
||||
c->error |= LZO_INPUT_DEPLETED;
|
||||
}
|
||||
if (dst + cnt > c->out_end) {
|
||||
if (dst + cnt > c->out_end || dst + cnt < dst) {
|
||||
cnt = c->out_end - dst;
|
||||
c->error |= LZO_OUTPUT_FULL;
|
||||
}
|
||||
@ -101,11 +101,11 @@ static inline void copy(LZOContext *c, int cnt) {
|
||||
static inline void copy_backptr(LZOContext *c, int back, int cnt) {
|
||||
register uint8_t *src = &c->out[-back];
|
||||
register uint8_t *dst = c->out;
|
||||
if (src < c->out_start) {
|
||||
if (src < c->out_start || src > dst) {
|
||||
c->error |= LZO_INVALID_BACKPTR;
|
||||
return;
|
||||
}
|
||||
if (dst + cnt > c->out_end) {
|
||||
if (dst + cnt > c->out_end || dst + cnt < dst) {
|
||||
cnt = c->out_end - dst;
|
||||
c->error |= LZO_OUTPUT_FULL;
|
||||
}
|
||||
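Review bot: The added wrap tests `src + cnt < src` and `dst + cnt < dst` (both ifs in copy(), and the output check in copy_backptr()) rely on pointer arithmetic overflowing, which is undefined behaviour in C, so an optimising compiler may assume the sum never wraps and drop the test, leaving the bounds check as weak as it was before the commit. Comparing the count with the space that is left, e.g. `cnt < 0 || cnt > c->in_end - src`, gives the same clamping without ever forming an out-of-range pointer. The same holds for `&c->out[-back]` in copy_backptr(), where `back` can be validated as an integer before `src` is computed. Whether cnt or back can actually be negative or oversized depends on get_len() and the callers, which are not in these hunks, and both function bodies continue past the hunk ends.

```c
static inline void copy(LZOContext *c, int cnt) {
    // … unchanged: src/dst setup …
    if (cnt < 0 || cnt > c->in_end - src) {
        // … unchanged: clamp cnt, set LZO_INPUT_DEPLETED …
    }
    if (cnt < 0 || cnt > c->out_end - dst) {
        // … unchanged: clamp cnt, set LZO_OUTPUT_FULL …
    }

static inline void copy_backptr(LZOContext *c, int back, int cnt) {
    register uint8_t *dst = c->out;
    if (back < 0 || back > dst - c->out_start) {
        // … unchanged: set LZO_INVALID_BACKPTR, return …
    }
    register uint8_t *src = dst - back;
    if (cnt < 0 || cnt > c->out_end - dst) {
        // … unchanged: clamp cnt, set LZO_OUTPUT_FULL …
    }
```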
|