# HG changeset patch
# User reimar
# Date 1215979437 0
# Node ID 451bc2b25bcb60309d50e350bc115403cc8cfe08
# Parent  433a8fbbdd00dbb87567ddfa8dcfb308d8b14730
check that csize in ff_lzw_decode_init is < LZW_MAXBITS, <= is not enough and
might read outside the prefix array

diff -r 433a8fbbdd00 -r 451bc2b25bcb lzw.c
--- a/lzw.c	Sun Jul 13 19:59:44 2008 +0000
+++ b/lzw.c	Sun Jul 13 20:03:57 2008 +0000
@@ -131,7 +131,7 @@
 {
     struct LZWState *s = (struct LZWState *)p;
 
-    if(csize < 1 || csize > LZW_MAXBITS)
+    if(csize < 1 || csize >= LZW_MAXBITS)
         return -1;
     /* read buffer */
     s->pbuf = buf;