From b08edb22684c1848b1c6186848585c324d9aae62 Mon Sep 17 00:00:00 2001
From: Reimar Döffinger
Date: Sun, 13 Jul 2008 20:03:57 +0000
Subject: check that csize in ff_lzw_decode_init is < LZW_MAXBITS, <= is not enough and might read outside the prefix array
Originally committed as revision 14214 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/lzw.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'libavcodec/lzw.c')
diff --git a/libavcodec/lzw.c b/libavcodec/lzw.c
index 207b807e9d..7bdc89a37c 100644
--- a/libavcodec/lzw.c
+++ b/libavcodec/lzw.c
@@ -131,7 +131,7 @@ int ff_lzw_decode_init(LZWState *p, int csize, const uint8_t *buf, int buf_size,
 {
 struct LZWState *s = (struct LZWState *)p;
- if(csize < 1 || csize > LZW_MAXBITS)
+ if(csize < 1 || csize >= LZW_MAXBITS)
 return -1;
 /* read buffer */
 s->pbuf = buf;
-- 
cgit v1.2.3
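Review bot: The exclusive upper bound on `csize` in the first check of `ff_lzw_decode_init` carries no comment saying why `csize == LZW_MAXBITS` has to be rejected, so the reason lives only in the commit message and the test is easy to "tidy" back to `>` later. A one-line comment above the check would keep it in the source, for example `/* csize == LZW_MAXBITS is rejected too: it could lead to reads outside the prefix array */`. The statements that derive the code size and table indices from `csize` are outside this hunk, so the exact off-by-one path should be confirmed against the rest of the function before wording the comment more precisely. If `csize` is taken from the stream being decoded (not visible here), this check is the only validation of it shown in the hunk, which is a further reason to document the bound where it is enforced.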