avcodec/flicvideo: fix infinite loops

Fixes #2995. Reported-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Paul B Mahol <onemda@gmail.com>

avcodec/flicvideo: fix infinite loops
Fixes #2995. Reported-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Paul B Mahol <onemda@gmail.com>
f5498ef3 · Paul B Mahol · c99d2728 · f5498ef3
Commit f5498ef3 authored Sep 25, 2013 by Paul B Mahol
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

flicvideo.c libavcodec/flicvideo.c +4 -2

No files found.
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -202,7 +202,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
    frame_size -= 16;

    /* iterate through the chunks */
-    while ((frame_size >= 6) && (num_chunks > 0)) {
+    while ((frame_size >= 6) && (num_chunks > 0) &&
+            bytestream2_get_bytes_left(&g2) >= 4) {
        int stream_ptr_after_chunk;
        chunk_size = bytestream2_get_le32(&g2);
        if (chunk_size > frame_size) {
@@ -519,7 +520,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
    frame_size -= 16;

    /* iterate through the chunks */
-    while ((frame_size > 0) && (num_chunks > 0)) {
+    while ((frame_size > 0) && (num_chunks > 0) &&
+            bytestream2_get_bytes_left(&g2) >= 4) {
        int stream_ptr_after_chunk;
        chunk_size = bytestream2_get_le32(&g2);
        if (chunk_size > frame_size) {