From a81cad8f86d1feb7e4bfae29e43f3e994935a5c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Sun, 29 Sep 2013 00:12:04 +0300 Subject: [PATCH] pngdec: Stop trying to decode once inflate returns Z_STREAM_END MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If the input buffer contains more data after the deflate stream, the loop previously left running infinitely, with inflate returning Z_STREAM_END. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö --- libavcodec/pngdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c index ec44d56de8..8864e4a214 100644 --- a/libavcodec/pngdec.c +++ b/libavcodec/pngdec.c @@ -378,6 +378,10 @@ static int png_decode_idat(PNGDecContext *s, int length) s->zstream.avail_out = s->crow_size; s->zstream.next_out = s->crow_buf; } + if (ret == Z_STREAM_END && s->zstream.avail_in > 0) { + av_log(NULL, AV_LOG_WARNING, "%d undecompressed bytes left in buffer\n", s->zstream.avail_in); + return 0; + } } return 0; }