commit 47d4631ac62900484fac206abdfc33a2920b07bf Author: Edward Wang <edward.c.wang@compdigitec.com> Date: Sun Oct 14 18:58:18 2012 -0400 png: Check length before read Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org> (cherry picked from commit b3b751cb99df71e3c0a18bcb38b4691cf98265fe) Signed-off-by: Jean-Baptiste Kempf <jb@videolan.org> diff --git a/modules/codec/png.c b/modules/codec/png.c index acd5694..ced4016 100644 --- a/modules/codec/png.c +++ b/modules/codec/png.c @@ -91,12 +91,14 @@ static int OpenDecoder( vlc_object_t *p_this ) static void user_read( png_structp p_png, png_bytep data, png_size_t i_length ) { block_t *p_block = (block_t *)png_get_io_ptr( p_png ); - png_size_t i_read = __MIN( p_block->i_buffer, i_length ); + if( i_length > p_block->i_buffer ) { + png_error( p_png, "not enough data" ); + return; + } + memcpy( data, p_block->p_buffer, i_length ); p_block->p_buffer += i_length; p_block->i_buffer -= i_length; - - if( i_length != i_read ) png_error( p_png, "not enough data" ); } static void user_error( png_structp p_png, png_const_charp error_msg )