[libav-devel] [PATCH 11/18] av_lzo1x_decode: properly handle negative buffer length.

Måns Rullgård mans at mansr.com
Thu Nov 24 14:37:22 CET 2011


Anton Khirnov <anton at khirnov.net> writes:

> From: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
>
> Treating them like 0 is safest, current code would invoke
> undefined pointer arithmetic behaviour in this case.
>
> Signed-off-by: Anton Khirnov <anton at khirnov.net>
> ---
>  libavutil/lzo.c |    6 +++---
>  1 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/libavutil/lzo.c b/libavutil/lzo.c
> index 743d596..85b1f94 100644
> --- a/libavutil/lzo.c
> +++ b/libavutil/lzo.c
> @@ -175,11 +175,11 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen) {
>      int state= 0;
>      int x;
>      LZOContext c;
> -    if (!*outlen || !*inlen) {
> +    if (*outlen <= 0 || *inlen <= 0) {
>          int res = 0;
> -        if (!*outlen)
> +        if (*outlen <= 0)
>              res |= AV_LZO_OUTPUT_FULL;
> -        if (!*inlen)
> +        if (*inlen <= 0)
>              res |= AV_LZO_INPUT_DEPLETED;
>          return res;
>      }
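
Review bot: the early-return block under `if (*outlen <= 0 || *inlen <= 0)` returns `res` without writing to `*outlen` or `*inlen`, so a negative length stays in the caller's variable even though the commit message says it is treated like 0. If callers read these values after the call, set the offending length to 0 before `return res;`. Otherwise, add a comment on the function saying that non-positive lengths are reported as AV_LZO_OUTPUT_FULL / AV_LZO_INPUT_DEPLETED and left unmodified. A one-line comment above the check would also help, noting that it exists to avoid undefined pointer arithmetic with negative lengths, because the reason is not evident from `<= 0` alone.
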
> -- 

Why would this function be called with negative lengths?

-- 
Måns Rullgård
mans at mansr.com

