avcodec/sgirledec: fix infinite loop in decode_sgirle8()
Fixes #2985. Reported-by: Piotr Bandurski <ami_stuff@o2.pl> Signed-off-by: Paul B Mahol <onemda@gmail.com>
@@ -82,6 +82,8 @@ static int decode_sgirle8(AVCodecContext *avctx, uint8_t *dst, const uint8_t *sr
|
|||||||
if (v > 0 && v < 0xC0) {
|
if (v > 0 && v < 0xC0) {
|
||||||
do {
|
do {
|
||||||
int length = FFMIN(v, width - x);
|
int length = FFMIN(v, width - x);
|
||||||
|
if (length <= 0)
|
||||||
|
break;
|
||||||
memset(dst + y*linesize + x, RGB332_TO_BGR8(*src), length);
|
memset(dst + y*linesize + x, RGB332_TO_BGR8(*src), length);
|
||||||
INC_XY(length);
|
INC_XY(length);
|
||||||
v -= length;
|
v -= length;
|
||||||
@@ -91,7 +93,7 @@ static int decode_sgirle8(AVCodecContext *avctx, uint8_t *dst, const uint8_t *sr
|
|||||||
v -= 0xC0;
|
v -= 0xC0;
|
||||||
do {
|
do {
|
||||||
int length = FFMIN3(v, width - x, src_end - src);
|
int length = FFMIN3(v, width - x, src_end - src);
|
||||||
if (src_end - src < length)
|
if (src_end - src < length || length <= 0)
|
||||||
break;
|
break;
|
||||||
memcpy_rgb332_to_bgr8(dst + y*linesize + x, src, length);
|
memcpy_rgb332_to_bgr8(dst + y*linesize + x, src, length);
|
||||||
INC_XY(length);
|
INC_XY(length);
|
||||||
|
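Review bot: Both new `length <= 0` guards leave the run with a plain `break`, so a run that cannot be satisfied (no columns left in the row, or in the second loop no input bytes left) is dropped silently and decoding carries on as if the opcode had been valid. If the code after the loops, which is outside this section, does not already reject that case, returning an error here would make truncated or malformed input visible to the caller: `if (length <= 0) return AVERROR_INVALIDDATA;`. In the second hunk the retained `src_end - src < length` test also looks redundant, since `length` comes from `FFMIN3(v, width - x, src_end - src)` and cannot exceed `src_end - src`; the condition could shrink to `if (length <= 0)`. The body of decode_sgirle8() starts and ends outside the visible hunks.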