check that csize in ff_lzw_decode_init is < LZW_MAXBITS, <= is not enough and

might read outside the prefix array Originally committed as revision 14214 to svn://svn.ffmpeg.org/ffmpeg/trunk

check that csize in ff_lzw_decode_init is < LZW_MAXBITS, <= is not enough and
might read outside the prefix array Originally committed as revision 14214 to svn://svn.ffmpeg.org/ffmpeg/trunk
b08edb22 · Reimar Döffinger · 4138ad96 · b08edb22
Commit b08edb22 authored Jul 13, 2008 by Reimar Döffinger
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

lzw.c libavcodec/lzw.c +1 -1

No files found.
--- a/libavcodec/lzw.c
+++ b/libavcodec/lzw.c
@@ -131,7 +131,7 @@ int ff_lzw_decode_init(LZWState *p, int csize, const uint8_t *buf, int buf_size,
 {
    struct LZWState *s = (struct LZWState *)p;

-    if(csize < 1 || csize > LZW_MAXBITS)
+    if(csize < 1 || csize >= LZW_MAXBITS)
        return -1;
    /* read buffer */
    s->pbuf = buf;