Andreas Cadhalpun cd8bedb9fa jvdec: avoid unsigned overflow in comparison ...

The return type of strlen is size_t, i.e. unsigned, so if pd->buf_size
is 3, the right side overflows leading to a wrong result of the
comparison and subsequently a heap buffer overflow.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit db374790c7)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

2015-11-12 02:55:47 +01:00

7.8 KiB

Raw Blame History

View Raw