iff: Do not read over the source buffer

author Luca Barbato <lu_zero@gentoo.org>

Sat, 29 Jun 2013 05:26:48 +0000 (07:26 +0200)

committer Luca Barbato <lu_zero@gentoo.org>

Wed, 10 Jul 2013 13:24:42 +0000 (15:24 +0200)
author Luca Barbato <lu_zero@gentoo.org>
Sat, 29 Jun 2013 05:26:48 +0000 (07:26 +0200)
committer Luca Barbato <lu_zero@gentoo.org>
Wed, 10 Jul 2013 13:24:42 +0000 (15:24 +0200)
diff --git a/libavcodec/iff.c b/libavcodec/iff.c

index eda42e9..bc878c5 100644 (file)
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -289,7 +289,7 @@ static int decode_frame_ilbm(AVCodecContext *avctx,
              }
          }
      } else if (avctx->pix_fmt == AV_PIX_FMT_PAL8 || avctx->pix_fmt == AV_PIX_FMT_GRAY8) { // IFF-PBM
-        for (y = 0; y < avctx->height; y++) {
+        for (y = 0; y < avctx->height && buf < buf_end; y++) {
              uint8_t *row = &s->frame.data[0][y * s->frame.linesize[0]];
              memcpy(row, buf, FFMIN(avctx->width, buf_end - buf));
              buf += avctx->width + (avctx->width % 2); // padding if odd
author	Luca Barbato <lu_zero@gentoo.org>
	Sat, 29 Jun 2013 05:26:48 +0000 (07:26 +0200)
committer	Luca Barbato <lu_zero@gentoo.org>
	Wed, 10 Jul 2013 13:24:42 +0000 (15:24 +0200)