libavcodec.hg: lzw.c comparison

comparison lzw.c @ 4733:507d08212e36 libavcodec

check input validity, this prevents a few variables from reachin odd values which might have lead to out of array writes and thus might have been exploitable

author	michael
date	Sun, 25 Mar 2007 23:37:38 +0000
parents	8583aa3c21bc
children	8903c1d6db18

comparison

equal deleted inserted replaced

-:8583aa3c21bc
+:507d08212e36
 if ((--l) == 0)
 goto the_end;
 }
 c = lzw_get_code(s);
 if (c == s->end_code) {
-s->end_code = -1;
 break;
 } else if (c == s->clear_code) {
 s->cursize = s->codesize + 1;
 s->curmask = mask[s->cursize];
 s->slot = s->newcodes;
 s->top_slot = 1 << s->cursize;
 fc= oc= -1;
 } else {
 code = c;
-if (code >= s->slot) {
+if (code == s->slot && fc>=0) {
 *sp++ = fc;
 code = oc;
-}
+}else if(code >= s->slot)
+break;
 while (code >= s->newcodes) {
 *sp++ = s->suffix[code];
 code = s->prefix[code];
 }
 *sp++ = code;
 s->curmask = mask[++s->cursize];
 }
 }
 }
 }
+s->end_code = -1;
 the_end:
 s->sp = sp;
 s->oc = oc;
 s->fc = fc;
 return len - l;

Mercurial > libavcodec.hg

comparison lzw.c @ 4733:507d08212e36 libavcodec