[libav-devel] [PATCH 11/18] av_lzo1x_decode: properly handle negative buffer length.

Kostya Shishkov kostya.shishkov at gmail.com
Thu Nov 24 11:59:01 CET 2011


On Thu, Nov 24, 2011 at 11:26:37AM +0100, Anton Khirnov wrote:
> From: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
> 
> Treating them like 0 is safest, current code would invoke
> undefined pointer arithmetic behaviour in this case.
> 
> Signed-off-by: Anton Khirnov <anton at khirnov.net>
> ---
>  libavutil/lzo.c |    6 +++---
>  1 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/libavutil/lzo.c b/libavutil/lzo.c
> index 743d596..85b1f94 100644
> --- a/libavutil/lzo.c
> +++ b/libavutil/lzo.c
> @@ -175,11 +175,11 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen) {
>      int state= 0;
>      int x;
>      LZOContext c;
> -    if (!*outlen || !*inlen) {
> +    if (*outlen <= 0 || *inlen <= 0) {
>          int res = 0;
> -        if (!*outlen)
> +        if (*outlen <= 0)
>              res |= AV_LZO_OUTPUT_FULL;
> -        if (!*inlen)
> +        if (*inlen <= 0)
>              res |= AV_LZO_INPUT_DEPLETED;
>          return res;
>      }
> -- 

looks sane


More information about the libav-devel mailing list