webp: fix infinite loop in webp_decode_frame

The loop always needs at least 8 bytes for chunk_type and chunk_size. If fewer are left, bytestream2_get_le32 just returns 0 without reading any bytes, leading to an infinite loop. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

webp: fix infinite loop in webp_decode_frame
The loop always needs at least 8 bytes for chunk_type and chunk_size. If fewer are left, bytestream2_get_le32 just returns 0 without reading any bytes, leading to an infinite loop. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
0762152f · Andreas Cadhalpun · Michael Niedermayer · 30ffbeb0 · 0762152f
Commit 0762152f authored Jul 02, 2015 by Andreas Cadhalpun Committed by Michael Niedermayer Jul 03, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

webp.c libavcodec/webp.c +1 -1

No files found.
--- a/libavcodec/webp.c
+++ b/libavcodec/webp.c
@@ -1387,7 +1387,7 @@ static int webp_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
    }

    av_dict_free(&s->exif_metadata);
-    while (bytestream2_get_bytes_left(&gb) > 0) {
+    while (bytestream2_get_bytes_left(&gb) > 8) {
        char chunk_str[5] = { 0 };

        chunk_type = bytestream2_get_le32(&gb);