On 02/07/15 23:45, Andreas Cadhalpun wrote: > The loop always needs at least 8 bytes for chunk_type and chunk_size. > If fewer are left, bytestream2_get_le32 just returns 0 without > reading any bytes, leading to an infinite loop. > > Signed-off-by: Andreas Cadhalpun <[email protected]> > --- > libavcodec/webp.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/webp.c b/libavcodec/webp.c > index 47e9e9e..723a847 100644 > --- a/libavcodec/webp.c > +++ b/libavcodec/webp.c > @@ -1387,7 +1387,7 @@ static int webp_decode_frame(AVCodecContext *avctx, > void *data, int *got_frame, > } > > av_dict_free(&s->exif_metadata); > - while (bytestream2_get_bytes_left(&gb) > 0) { > + while (bytestream2_get_bytes_left(&gb) > 8) { > char chunk_str[5] = { 0 }; > > chunk_type = bytestream2_get_le32(&gb); >
Sounds sensible. lu _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
