jvdec: avoid unsigned overflow in comparison
author Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Fri, 6 Nov 2015 20:04:34 +0000 (21:04 +0100)
committer Michael Niedermayer <michael@niedermayer.cc>
Thu, 19 Nov 2015 02:51:39 +0000 (03:51 +0100)
commit bbeae2c690f1449bbdcb41eeaf025dd2b9f025f5
tree 704d25e55c5e44c7f8cdb65c5583c66bf1af2a9e
parent 9f6e755272e7d07e83a5b8224be7eb3318204916
jvdec: avoid unsigned overflow in comparison

The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit db374790c75fa4ef947abcb5019fcf21d0b2de85)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
libavformat/jvdec.c
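
The comparison pattern the commit message describes, reduced to a stand-alone C program. This is an added example, not the code from libavformat/jvdec.c: MAGIC, MAGIC_OFFSET and all function names are hypothetical, and the hardened check is one way to avoid the wraparound, not necessarily the change this commit makes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical magic string and header offset, constructed for this example. */
#define MAGIC        " example container magic"
#define MAGIC_OFFSET 4

/* Flawed check: the subtraction is on the buffer-size side. Comparing size_t
 * with int converts the int to size_t; the cast spells out that implicit
 * conversion. For buf_size < 4 the negative difference wraps to a huge
 * unsigned value, so the check passes. */
static int magic_in_bounds_flawed(int buf_size)
{
    return strlen(MAGIC) <= (size_t)(buf_size - MAGIC_OFFSET);
}

/* Hardened check: add on the constant side so nothing can wrap below zero,
 * and reject negative sizes before converting to size_t. */
static int magic_in_bounds_fixed(int buf_size)
{
    return buf_size >= 0 && strlen(MAGIC) + MAGIC_OFFSET <= (size_t)buf_size;
}

/* Upper bound on the bytes past the end of a buf_size-byte buffer that
 * memcmp(buf + MAGIC_OFFSET, MAGIC, strlen(MAGIC)) may touch when `check`
 * lets it run. 0 means the read is skipped or stays in bounds. */
static size_t overread_bytes(int buf_size, int (*check)(int))
{
    size_t have = buf_size > 0 ? (size_t)buf_size : 0;
    size_t end  = MAGIC_OFFSET + strlen(MAGIC);

    if (!check(buf_size) || end <= have)
        return 0;
    return end - have;
}

int main(void)
{
    /* Constructed inputs: sizes around the 4-byte offset, plus one large buffer. */
    int sizes[] = { 0, 3, 4, 5, 64 };
    for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
        printf("buf_size=%2d flawed: pass=%d overread=%zu | fixed: pass=%d overread=%zu\n",
               sizes[i],
               magic_in_bounds_flawed(sizes[i]), overread_bytes(sizes[i], magic_in_bounds_flawed),
               magic_in_bounds_fixed(sizes[i]),  overread_bytes(sizes[i], magic_in_bounds_fixed));
    return 0;
}
```

Building the program with `-Wsign-compare` and dropping the explicit cast in the flawed check makes GCC and Clang warn about the mixed-signedness comparison.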