[Ffmpeg-cvslog] r8522 - trunk/libavcodec/lzw.c
michael
subversion
Mon Mar 26 01:37:38 CEST 2007
Author: michael
Date: Mon Mar 26 01:37:38 2007
New Revision: 8522
Modified:
trunk/libavcodec/lzw.c
Log:
check input validity, this prevents a few variables from reachin odd values which might have lead to out of array writes and thus might have been exploitable
Modified: trunk/libavcodec/lzw.c
==============================================================================
--- trunk/libavcodec/lzw.c (original)
+++ trunk/libavcodec/lzw.c Mon Mar 26 01:37:38 2007
@@ -196,7 +196,6 @@ int ff_lzw_decode(LZWState *p, uint8_t *
}
c = lzw_get_code(s);
if (c == s->end_code) {
- s->end_code = -1;
break;
} else if (c == s->clear_code) {
s->cursize = s->codesize + 1;
@@ -206,10 +205,11 @@ int ff_lzw_decode(LZWState *p, uint8_t *
fc= oc= -1;
} else {
code = c;
- if (code >= s->slot) {
+ if (code == s->slot && fc>=0) {
*sp++ = fc;
code = oc;
- }
+ }else if(code >= s->slot)
+ break;
while (code >= s->newcodes) {
*sp++ = s->suffix[code];
code = s->prefix[code];
@@ -229,6 +229,7 @@ int ff_lzw_decode(LZWState *p, uint8_t *
}
}
}
+ s->end_code = -1;
the_end:
s->sp = sp;
s->oc = oc;
More information about the ffmpeg-cvslog
mailing list