av_lzo1x_decode: properly handle negative buffer length.
authorReimar Döffinger <Reimar.Doeffinger@gmx.de>
Sat, 5 Nov 2011 20:45:31 +0000 (21:45 +0100)
committerCarl Eugen Hoyos <cehoyos@ag.or.at>
Tue, 8 Nov 2011 19:37:05 +0000 (20:37 +0100)
Treating them like 0 is safest, current code would invoke
undefined pointer arithmetic behaviour in this case.

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
(cherry picked from commit b9242fd12f4be4a79e31fd0aa125ab8a48226896)
(cherry picked from commit 0411b1928965050a940155984a16ad82fe462fc1)

libavutil/lzo.c

index 40a41a4..8407d7d 100644 (file)
@@ -175,11 +175,11 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen) {
     int state= 0;
     int x;
     LZOContext c;
-    if (!*outlen || !*inlen) {
+    if (*outlen <= 0 || *inlen <= 0) {
         int res = 0;
-        if (!*outlen)
+        if (*outlen <= 0)
             res |= AV_LZO_OUTPUT_FULL;
-        if (!*inlen)
+        if (*inlen <= 0)
             res |= AV_LZO_INPUT_DEPLETED;
         return res;
     }