[FFmpeg-cvslog] avcodec/sgirledec: fix infinite loop in decode_sgirle8()
Paul B Mahol
git at videolan.org
Sun Sep 22 19:31:04 CEST 2013
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Sun Sep 22 17:22:51 2013 +0000| [b00fb157bae79f9735910064585fd95b8c123003] | committer: Paul B Mahol
avcodec/sgirledec: fix infinite loop in decode_sgirle8()
Fixes #2985.
Reported-by: Piotr Bandurski <ami_stuff at o2.pl>
Signed-off-by: Paul B Mahol <onemda at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b00fb157bae79f9735910064585fd95b8c123003
---
libavcodec/sgirledec.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/sgirledec.c b/libavcodec/sgirledec.c
index af149d1..6cdc8d6 100644
--- a/libavcodec/sgirledec.c
+++ b/libavcodec/sgirledec.c
@@ -82,6 +82,8 @@ static int decode_sgirle8(AVCodecContext *avctx, uint8_t *dst, const uint8_t *sr
if (v > 0 && v < 0xC0) {
do {
int length = FFMIN(v, width - x);
+ if (length <= 0)
+ break;
memset(dst + y*linesize + x, RGB332_TO_BGR8(*src), length);
INC_XY(length);
v -= length;
@@ -91,7 +93,7 @@ static int decode_sgirle8(AVCodecContext *avctx, uint8_t *dst, const uint8_t *sr
v -= 0xC0;
do {
int length = FFMIN3(v, width - x, src_end - src);
- if (src_end - src < length)
+ if (src_end - src < length || length <= 0)
break;
memcpy_rgb332_to_bgr8(dst + y*linesize + x, src, length);
INC_XY(length);
More information about the ffmpeg-cvslog
mailing list