diff options
| author | Reimar Döffinger <Reimar.Doeffinger@gmx.de> | 2011-12-30 10:37:33 +0100 |
|---|---|---|
| committer | Reimar Döffinger <Reimar.Doeffinger@gmx.de> | 2011-12-30 10:37:33 +0100 |
| commit | 874da652b307fe0d2bec08fc5916a9a82537f40c (patch) | |
| tree | 74a10d27d3f34e7ad2bc6ba00d77338283976f66 /libavutil | |
| parent | b0143da80656f286b3e2363f3ddb6f81c4a0fbf5 (diff) | |
Avoid av_memcpy_backptr hang without extra branch.
This only happens for a "back" value of 0 which is invalid anyway,
but lcldec does not properly validate input.
Also extend the documentation to specify valid values.
Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
Diffstat (limited to 'libavutil')
| -rw-r--r-- | libavutil/lzo.c | 6 | ||||
| -rw-r--r-- | libavutil/lzo.h | 5 |
2 files changed, 7 insertions, 4 deletions
diff --git a/libavutil/lzo.c b/libavutil/lzo.c index 0b9d2e42ba..3642308100 100644 --- a/libavutil/lzo.c +++ b/libavutil/lzo.c @@ -112,7 +112,7 @@ static inline void memcpy_backptr(uint8_t *dst, int back, int cnt); /** * @brief Copies previously decoded bytes to current position. - * @param back how many bytes back we start + * @param back how many bytes back we start, must be > 0 * @param cnt number of bytes to copy, must be >= 0 * * cnt > back is valid, this will copy the bytes we just copied, @@ -135,9 +135,9 @@ static inline void copy_backptr(LZOContext *c, int back, int cnt) { static inline void memcpy_backptr(uint8_t *dst, int back, int cnt) { const uint8_t *src = &dst[-back]; - if (back == 1) { + if (back <= 1) { memset(dst, *src, cnt); - } else if(back>0) { + } else { #ifdef OUTBUF_PADDED COPY2(dst, src); COPY2(dst + 2, src + 2); diff --git a/libavutil/lzo.h b/libavutil/lzo.h index d60d8d7487..379c08c8c7 100644 --- a/libavutil/lzo.h +++ b/libavutil/lzo.h @@ -62,11 +62,14 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen); /** * @brief deliberately overlapping memcpy implementation * @param dst destination buffer; must be padded with 12 additional bytes - * @param back how many bytes back we start (the initial size of the overlapping window) + * @param back how many bytes back we start (the initial size of the overlapping window), must be > 0 * @param cnt number of bytes to copy, must be >= 0 * * cnt > back is valid, this will copy the bytes we just copied, * thus creating a repeating pattern with a period length of back. + * Note that lcldec currently can set back == 0 - which is wrong and + * makes no sense, but the code should at least avoid crashing or hanging + * for this case. */ void av_memcpy_backptr(uint8_t *dst, int back, int cnt); |