qpeg: Fix out of array writes.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

qpeg: Fix out of array writes.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
4299dfa5 · Michael Niedermayer · aaa1173d · 4299dfa5
Commit 4299dfa5 authored Mar 03, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

qpeg.c libavcodec/qpeg.c +4 -0

No files found.
--- a/libavcodec/qpeg.c
+++ b/libavcodec/qpeg.c
@@ -203,6 +203,8 @@ static void qpeg_decode_inter(const uint8_t *src, uint8_t *dst, int size,
                    filled = 0;
                    dst -= stride;
                    height--;
+                    if(height < 0)
+                        break;
                }
            }
        } else if(code >= 0xC0) { /* copy code: 0xC0..0xDF */
@@ -214,6 +216,8 @@ static void qpeg_decode_inter(const uint8_t *src, uint8_t *dst, int size,
                    filled = 0;
                    dst -= stride;
                    height--;
+                    if(height < 0)
+                        break;
                }
            }
            size -= code + 1;