RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

webp: fix infinite loop in webp_decode_frame 

The loop always needs at least 8 bytes for chunk_type and chunk_size.
If fewer are left, bytestream2_get_le32 just returns 0 without
reading any bytes, leading to an infinite loop.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Andreas Cadhalpun 2015-07-02 23:45:46 +02:00 committed by Michael Niedermayer
parent 30ffbeb04a
commit 0762152f7a
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/webp.c
View File

@ -1387,7 +1387,7 @@ static int webp_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
}
av_dict_free(&s->exif_metadata);
while (bytestream2_get_bytes_left(&gb) > 0) {
while (bytestream2_get_bytes_left(&gb) > 8) {
char chunk_str[5] = { 0 };
chunk_type = bytestream2_get_le32(&gb);