[FFmpeg-cvslog] avcodec/flicvideo: fix infinite loops
Paul B Mahol
git at videolan.org
Wed Sep 25 21:49:07 CEST 2013
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Wed Sep 25 19:35:06 2013 +0000| [f5498ef38daa541f03b9c8d3985579394c8407e5] | committer: Paul B Mahol
avcodec/flicvideo: fix infinite loops
Fixes #2995.
Reported-by: Piotr Bandurski <ami_stuff at o2.pl>
Signed-off-by: Paul B Mahol <onemda at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5498ef38daa541f03b9c8d3985579394c8407e5
---
libavcodec/flicvideo.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavcodec/flicvideo.c b/libavcodec/flicvideo.c
index a2f9ef9..c4bc1a2 100644
--- a/libavcodec/flicvideo.c
+++ b/libavcodec/flicvideo.c
@@ -202,7 +202,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
frame_size -= 16;
/* iterate through the chunks */
- while ((frame_size >= 6) && (num_chunks > 0)) {
+ while ((frame_size >= 6) && (num_chunks > 0) &&
+ bytestream2_get_bytes_left(&g2) >= 4) {
int stream_ptr_after_chunk;
chunk_size = bytestream2_get_le32(&g2);
if (chunk_size > frame_size) {
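Review bot: In the new loop condition of flic_decode_frame_8BPP, the added guard `bytestream2_get_bytes_left(&g2) >= 4` covers only the `bytestream2_get_le32(&g2)` read of chunk_size, while the `frame_size >= 6` test beside it implies a 6-byte chunk header. If the loop body reads further header fields after chunk_size (not visible in this hunk), requiring at least 6 bytes left would keep the two tests consistent. The loop also now ends silently when the buffer runs out while num_chunks is still above zero; a log message or error return after the loop would make truncated input visible to the caller instead of looking like a normally decoded frame.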
@@ -519,7 +520,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
frame_size -= 16;
/* iterate through the chunks */
- while ((frame_size > 0) && (num_chunks > 0)) {
+ while ((frame_size > 0) && (num_chunks > 0) &&
+ bytestream2_get_bytes_left(&g2) >= 4) {
int stream_ptr_after_chunk;
chunk_size = bytestream2_get_le32(&g2);
if (chunk_size > frame_size) {
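Review bot: The loop condition in flic_decode_frame_15_16BPP keeps `frame_size > 0` where the 8BPP decoder uses `frame_size >= 6`, so a frame_size of 1 to 3 can still enter the loop and consume a 4-byte chunk_size, with only the `chunk_size > frame_size` check that follows to catch it. Consider aligning the threshold with the 8BPP path so both decoders refuse to start a chunk that the declared frame cannot contain. Since the same `bytestream2_get_bytes_left(&g2) >= 4` guard is now duplicated in two functions, a short comment stating that 4 is the size of the chunk_size field would help keep the two copies in step.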