[Ffmpeg-cvslog] r7731 - trunk/libavcodec/lzo.c

reimar subversion
Sat Jan 27 15:15:03 CET 2007


Author: reimar
Date: Sat Jan 27 15:15:03 2007
New Revision: 7731

Modified:
   trunk/libavcodec/lzo.c

Log:
Fix buffer end checks in lzo copy code to work in all cases.


Modified: trunk/libavcodec/lzo.c
==============================================================================
--- trunk/libavcodec/lzo.c	(original)
+++ trunk/libavcodec/lzo.c	Sat Jan 27 15:15:03 2007
@@ -67,11 +67,11 @@
 static inline void copy(LZOContext *c, int cnt) {
     register uint8_t *src = c->in;
     register uint8_t *dst = c->out;
-    if (src + cnt > c->in_end) {
+    if (src + cnt > c->in_end || src + cnt < src) {
         cnt = c->in_end - src;
         c->error |= LZO_INPUT_DEPLETED;
     }
-    if (dst + cnt > c->out_end) {
+    if (dst + cnt > c->out_end || dst + cnt < dst) {
         cnt = c->out_end - dst;
         c->error |= LZO_OUTPUT_FULL;
     }
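Review bot: The added wraparound tests `src + cnt < src` and `dst + cnt < dst` only fire if pointer arithmetic overflows, which is undefined behaviour in C, so an optimising compiler may remove them and leave the copy bounded by the old check alone. Comparing the count with the space that remains avoids forming an out-of-range pointer at all: `if (cnt < 0 || cnt > c->in_end - src)` and `if (cnt < 0 || cnt > c->out_end - dst)`. The same applies to the `dst +  cnt < dst` test added to copy_backptr in the next hunk. A one-line comment that cnt is presumably taken from the compressed stream and must be treated as untrusted would explain why both bounds are checked. copy's body continues outside the hunk.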
@@ -101,11 +101,11 @@
 static inline void copy_backptr(LZOContext *c, int back, int cnt) {
     register uint8_t *src = &c->out[-back];
     register uint8_t *dst = c->out;
-    if (src < c->out_start) {
+    if (src < c->out_start || src > dst) {
         c->error |= LZO_INVALID_BACKPTR;
         return;
     }
-    if (dst + cnt > c->out_end) {
+    if (dst + cnt > c->out_end || dst +  cnt < dst) {
         cnt = c->out_end - dst;
         c->error |= LZO_OUTPUT_FULL;
     }
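Review bot: `src` is still computed as `&c->out[-back]` on the declaration line before `back` has been validated, so the new `src > dst` test inspects a pointer that may already lie outside the output buffer, and forming such a pointer is itself undefined behaviour. Checking the distance is sturdier: `if (back < 0 || back > c->out - c->out_start)`, with `src = c->out - back;` assigned only after the check passes. That accepts the same range this change aims for, a distance between 0 and the number of bytes already written. copy_backptr's body continues outside the hunk.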



