avcodec/iff: decode_delta_j: Check that the number of bytes that will be read are...
authorMichael Niedermayer <michael@niedermayer.cc>
Wed, 6 Jul 2016 08:43:46 +0000 (10:43 +0200)
committerMichael Niedermayer <michael@niedermayer.cc>
Wed, 6 Jul 2016 09:19:41 +0000 (11:19 +0200)
This should avoid long loops
related to CID1361958

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavcodec/iff.c

index ef9ce91..677de0f 100644 (file)
@@ -865,7 +865,7 @@ static void decode_delta_j(uint8_t *dst,
             for (g = 0; g < groups; g++) {
                 offset = bytestream2_get_be16(&gb);
 
-                if (bytestream2_get_bytes_left(&gb) < 1)
+                if (cols * bpp == 0 || bytestream2_get_bytes_left(&gb) < cols * bpp)
                     return;
 
                 if (kludge_j)
@@ -911,7 +911,7 @@ static void decode_delta_j(uint8_t *dst,
                     for (d = 0; d < bpp; d++) {
                         unsigned noffset = offset + (r * pitch) + d * planepitch;
 
-                        if (bytestream2_get_bytes_left(&gb) < 1)
+                        if (!bytes || bytestream2_get_bytes_left(&gb) < bytes)
                             return;
 
                         for (b = 0; b < bytes; b++) {