Commit 44c4170c authored by Michael Niedermayer's avatar Michael Niedermayer

lzw: check for overread

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent a63c8137
...@@ -190,6 +190,10 @@ int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){ ...@@ -190,6 +190,10 @@ int ff_lzw_decode(LZWState *p, uint8_t *buf, int len){
if ((--l) == 0) if ((--l) == 0)
goto the_end; goto the_end;
} }
if (s->ebuf < s->pbuf) {
av_log(0, AV_LOG_ERROR, "lzw overread\n");
goto the_end;
}
c = lzw_get_code(s); c = lzw_get_code(s);
if (c == s->end_code) { if (c == s->end_code) {
break; break;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment