pngdec: Stop trying to decode once inflate returns Z_STREAM_END

If the input buffer contains more data after the deflate stream,
the loop previously left running infinitely, with inflate returning
Z_STREAM_END.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index ec44d56..8864e4a 100644 (file)
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -378,6 +378,10 @@ static int png_decode_idat(PNGDecContext *s, int length)
             s->zstream.avail_out = s->crow_size;
             s->zstream.next_out  = s->crow_buf;
         }
+        if (ret == Z_STREAM_END && s->zstream.avail_in > 0) {
+            av_log(NULL, AV_LOG_WARNING, "%d undecompressed bytes left in buffer\n", s->zstream.avail_in);
+            return 0;
+        }
     }
     return 0;
 }