If the input buffer contains more data after the deflate stream,
the loop previously left running infinitely, with inflate returning
Z_STREAM_END.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-sta...@libav.org
---
libavcodec/pngdec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index ec44d56..8864e4a 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -378,6 +378,10 @@ static int png_decode_idat(PNGDecContext *s, int length)
s->zstream.avail_out = s->crow_size;
s->zstream.next_out = s->crow_buf;
}
+ if (ret == Z_STREAM_END && s->zstream.avail_in > 0) {
+ av_log(NULL, AV_LOG_WARNING, "%d undecompressed bytes left in
buffer\n", s->zstream.avail_in);
+ return 0;
+ }
}
return 0;
}
--
1.7.9.4
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
