authorRonald S. Bultje <rsbultje@gmail.com>2012-02-22 14:22:56 -0800
committerRonald S. Bultje <rsbultje@gmail.com>2012-02-23 10:31:46 -0800
commit01cb62aba2503b4173f101154f9f840f04f9c7f8 (patch)
tree777f4b3e98bac9d0061e60c879f4ffa9bc0026ca
parent1d8c4af396b6ed84c84b5ebf0bf1163c4a7a3017 (diff)
downloadffmpeg-01cb62aba2503b4173f101154f9f840f04f9c7f8.tar.gz
lcl: don't overwrite input memory.
If the PNG filter is enabled, a PNG-style filter will run over the input buffer, writing into the buffer. Therefore, if no zlib compression was used, ensure that we copy into a temporary buffer, otherwise we overwrite user-provided input data.
-rw-r--r--libavcodec/lcldec.c11
1 files changed, 8 insertions, 3 deletions
diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c
index b66a3ce65b..a7f0bde23e 100644
--- a/libavcodec/lcldec.c
+++ b/libavcodec/lcldec.c
@@ -236,9 +236,14 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac
* gives a file with ZLIB fourcc, but frame is really uncompressed.
* To be sure that's true check also frame size */
if (c->compression == COMP_ZLIB_NORMAL && c->imgtype == IMGTYPE_RGB24 &&
- len == width * height * 3)
- break;
- if (c->flags & FLAG_MULTITHREAD) {
+ len == width * height * 3) {
+ if (c->flags & FLAG_PNGFILTER) {
+ memcpy(c->decomp_buf, encoded, len);
+ encoded = c->decomp_buf;
+ } else {
+ break;
+ }
+ } else if (c->flags & FLAG_MULTITHREAD) {
int ret;
mthread_inlen = AV_RL32(encoded);
mthread_inlen = FFMIN(mthread_inlen, len - 8);
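Review bot: The new `memcpy(c->decomp_buf, encoded, len)` in the FLAG_PNGFILTER branch has no explicit bound against the size of `c->decomp_buf`; the only constraint visible here is `len == width * height * 3`, which relies on the buffer having been allocated for at least that many bytes and on the product not wrapping. The allocation is outside this hunk, so the invariant may already hold, but since `len` comes from the packet I would make it local with a guard before the copy, e.g. `if (len > c->decomp_size) return AVERROR_INVALIDDATA;` (assuming `decomp_size` is the field that tracks the allocation; confirm against the init code). A comment above the copy such as `/* PNG filter rewrites the buffer in place; work on a copy so the caller's packet data stays untouched */` would also record why this branch exists. decode_frame starts and ends outside the hunk, so the later uses of `encoded` were not reviewed.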