jvdec: avoid unsigned overflow in comparison
The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size is 3, the right side overflows leading to a wrong result of the comparison and subsequently a heap buffer overflow. Reviewed-by: Paul B Mahol <onemda@gmail.com> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Showing
Please
register
or
sign in
to comment