diff options
author | Ronald S. Bultje <rsbultje@gmail.com> | 2012-02-22 14:22:56 -0800 |
---|---|---|
committer | Ronald S. Bultje <rsbultje@gmail.com> | 2012-02-23 10:31:46 -0800 |
commit | 01cb62aba2503b4173f101154f9f840f04f9c7f8 (patch) | |
tree | 777f4b3e98bac9d0061e60c879f4ffa9bc0026ca | |
parent | 1d8c4af396b6ed84c84b5ebf0bf1163c4a7a3017 (diff) | |
download | ffmpeg-01cb62aba2503b4173f101154f9f840f04f9c7f8.tar.gz |
lcl: don't overwrite input memory.
If the PNG filter is enabled, a PNG-style filter will run over the
input buffer, writing into the buffer. Therefore, if no zlib compression
was used, ensure that we copy into a temporary buffer, otherwise we
overwrite user-provided input data.
-rw-r--r-- | libavcodec/lcldec.c | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c index b66a3ce65b..a7f0bde23e 100644 --- a/libavcodec/lcldec.c +++ b/libavcodec/lcldec.c @@ -236,9 +236,14 @@ static int decode_frame(AVCodecContext *avctx, void *data, int *data_size, AVPac * gives a file with ZLIB fourcc, but frame is really uncompressed. * To be sure that's true check also frame size */ if (c->compression == COMP_ZLIB_NORMAL && c->imgtype == IMGTYPE_RGB24 && - len == width * height * 3) - break; - if (c->flags & FLAG_MULTITHREAD) { + len == width * height * 3) { + if (c->flags & FLAG_PNGFILTER) { + memcpy(c->decomp_buf, encoded, len); + encoded = c->decomp_buf; + } else { + break; + } + } else if (c->flags & FLAG_MULTITHREAD) { int ret; mthread_inlen = AV_RL32(encoded); mthread_inlen = FFMIN(mthread_inlen, len - 8); |