smc: Fix overread.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
pull/3/merge
Michael Niedermayer 13 years ago
parent 263bb6edcf
commit 1007a805a4
  1. 2
      libavcodec/smc.c

@ -313,7 +313,7 @@ static void smc_decode_stream(SmcContext *s)
} else } else
color_table_index = CQUAD * s->buf[stream_ptr++]; color_table_index = CQUAD * s->buf[stream_ptr++];
while (n_blocks--) { while (n_blocks-- && stream_ptr + 3 < s->size) {
color_flags = AV_RB32(&s->buf[stream_ptr]); color_flags = AV_RB32(&s->buf[stream_ptr]);
stream_ptr += 4; stream_ptr += 4;
/* flag mask actually acts as a bit shift count here */ /* flag mask actually acts as a bit shift count here */
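Review bot: The new bound `stream_ptr + 3 < s->size` in the `while` condition ends the loop silently on a truncated stream, so the remaining blocks of this opcode are left undecoded with no diagnostic and the caller cannot tell the input was short. Consider making the truncation explicit at the top of the loop body, e.g. `if (stream_ptr + 4 > s->size) { av_log(s->avctx, AV_LOG_ERROR, "SMC: stream truncated\n"); return; }`, assuming the context carries an `avctx` pointer as decoders in libavcodec usually do. The single-byte read `s->buf[stream_ptr++]` two lines above is not covered by this check; whether it is bounded earlier cannot be seen here, because smc_decode_stream starts and ends outside the hunk. A short comment on the condition such as `/* AV_RB32 below reads 4 bytes */` would also explain the `+ 3`.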
