ffmpeg | branch: release/2.6 | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> | Thu Jul 2 23:45:46 2015 +0200| [3c96f21d6e9de6832a59645273e94dfd65126d2d] | committer: Michael Niedermayer
webp: fix infinite loop in webp_decode_frame The loop always needs at least 8 bytes for chunk_type and chunk_size. If fewer are left, bytestream2_get_le32 just returns 0 without reading any bytes, leading to an infinite loop. Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit 0762152f7af6cd93bc8f504d5503723500c3f369) Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> (cherry picked from commit 762a5878a6b0bef923ef97c15fdb8274a0351278) Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3c96f21d6e9de6832a59645273e94dfd65126d2d --- libavcodec/webp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/webp.c b/libavcodec/webp.c index 47e9e9e..723a847 100644 --- a/libavcodec/webp.c +++ b/libavcodec/webp.c @@ -1387,7 +1387,7 @@ static int webp_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, } av_dict_free(&s->exif_metadata); - while (bytestream2_get_bytes_left(&gb) > 0) { + while (bytestream2_get_bytes_left(&gb) > 8) { char chunk_str[5] = { 0 }; chunk_type = bytestream2_get_le32(&gb); _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
