avcodec/flicvideo: fix infinite loops

Fixes #2995.
Reported-by: Piotr Bandurski <ami_stuff@o2.pl>
Signed-off-by: Paul B Mahol <onemda@gmail.com>
This commit is contained in:
Paul B Mahol 2013-09-25 19:35:06 +00:00
parent c99d27287d
commit f5498ef38d

View File

@ -202,7 +202,8 @@ static int flic_decode_frame_8BPP(AVCodecContext *avctx,
frame_size -= 16;
/* iterate through the chunks */
while ((frame_size >= 6) && (num_chunks > 0)) {
while ((frame_size >= 6) && (num_chunks > 0) &&
bytestream2_get_bytes_left(&g2) >= 4) {
int stream_ptr_after_chunk;
chunk_size = bytestream2_get_le32(&g2);
if (chunk_size > frame_size) {
@ -519,7 +520,8 @@ static int flic_decode_frame_15_16BPP(AVCodecContext *avctx,
frame_size -= 16;
/* iterate through the chunks */
while ((frame_size > 0) && (num_chunks > 0)) {
while ((frame_size > 0) && (num_chunks > 0) &&
bytestream2_get_bytes_left(&g2) >= 4) {
int stream_ptr_after_chunk;
chunk_size = bytestream2_get_le32(&g2);
if (chunk_size > frame_size) {