fix infinite loop (suggested change by rjayne at convera dot com)

fixes bug #1160195 Originally committed as revision 4434 to svn://svn.ffmpeg.org/ffmpeg/trunk

fix infinite loop (suggested change by rjayne at convera dot com)
fixes bug #1160195 Originally committed as revision 4434 to svn://svn.ffmpeg.org/ffmpeg/trunk
472ea128 · Michael Niedermayer · b7b84107 · 472ea128
隐藏空白更改
内联并排

Showing with 3 addition and 0 deletion

libavcodec/cinepak.c libavcodec/cinepak.c +3 -0

未找到文件。
--- a/libavcodec/cinepak.c
+++ b/libavcodec/cinepak.c
@@ -274,6 +274,9 @@ static int cinepak_decode_strip (CinepakContext *s,
    while ((data + 4) <= eod) {
        chunk_id   = BE_16 (&data[0]);
        chunk_size = BE_16 (&data[2]) - 4;
+        if(chunk_size < 0)
+            return -1;
+
        data      += 4;
        chunk_size = ((data + chunk_size) > eod) ? (eod - data) : chunk_size;