* fixing a buffer overrun in gif.c
authorRoman Shaposhnik <roman@shaposhnik.org>
Wed, 28 Jul 2004 21:56:59 +0000 (21:56 +0000)
committerRoman Shaposhnik <roman@shaposhnik.org>
Wed, 28 Jul 2004 21:56:59 +0000 (21:56 +0000)
Originally committed as revision 3363 to svn://svn.ffmpeg.org/ffmpeg/trunk

libavformat/gif.c
tests/libav.regression.ref

index 3a5f041..84809bf 100644 (file)
@@ -252,7 +252,7 @@ static int gif_image_write_image(ByteIOContext *pb,
 
         gif_put_bits_rev(&p, 9, 0x0100); /* clear code */
 
-        for(i=0;i<GIF_CHUNKS;i++) {
+        for(i=(left<GIF_CHUNKS)?left:GIF_CHUNKS;i;i--) {
             if (pix_fmt == PIX_FMT_RGB24) {
                 v = gif_clut_index(ptr[0], ptr[1], ptr[2]);
                 ptr+=3;
@@ -276,12 +276,10 @@ static int gif_image_write_image(ByteIOContext *pb,
             put_buffer(pb, p.buf, pbBufPtr(&p) - p.buf); /* the actual buffer */
             p.buf_ptr = p.buf; /* dequeue the bytes off the bitstream */
         }
-        if(left<=GIF_CHUNKS) {
-            put_byte(pb, 0x00); /* end of image block */
-        }
-
         left-=GIF_CHUNKS;
     }
+    put_byte(pb, 0x00); /* end of image block */
+    
     return 0;
 }
 
index 3c6a6d6..c90d243 100644 (file)
@@ -37,8 +37,8 @@ b28918de1199e60a7ac235eefacb7d3b *./data/b-libav.dv
 0c5fe86621b7377705837f304d4ba1e9 *./data/b-libav.ppm
 7603575 ./data/b-libav.ppm
 ./data/b-libav.ppm CRC=b2bb8e92
-1cac531652ea2ff2fb141d5ae992caa8 *./data/b-libav.gif
-2907057 ./data/b-libav.gif
+88a98269295fbfce7816558ad84e1259 *./data/b-libav.gif
+2906382 ./data/b-libav.gif
 c39dd19b88f9e0f03a318b51c37edb61 *./data/b-libav.yuv4mpeg
 3801810 ./data/b-libav.yuv4mpeg
 ./data/b-libav%d.pgm CRC=84c09106