jvdec: avoid unsigned overflow in comparison
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Fri, 6 Nov 2015 20:04:34 +0000 (21:04 +0100)
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Sat, 7 Nov 2015 12:13:35 +0000 (13:13 +0100)
commitdb374790c75fa4ef947abcb5019fcf21d0b2de85
tree48e4ed4cb962d7dab3bc63644d6452d7fbc60006
parent7f7fa90f7b7fccecff98bb1cef307e093dac1d29
jvdec: avoid unsigned overflow in comparison

The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
libavformat/jvdec.c