From 088ce4df981b70fbec140ee54417bcb49a7dffca Mon Sep 17 00:00:00 2001
From: Eric Soroos <eric-github@soroos.net>
Date: Thu, 5 Mar 2020 10:46:27 +0000
Subject: [PATCH 08/11] comments

---
 src/libImaging/FliDecode.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/src/libImaging/FliDecode.c b/src/libImaging/FliDecode.c
index 98bc037681..16ddf3a49f 100644
--- a/src/libImaging/FliDecode.c
+++ b/src/libImaging/FliDecode.c
@@ -140,7 +140,7 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    break;
 	case 12:
 	    /* FLI LC chunk (byte delta) */
-	    /* OOB Check ok, we have 10 bytes here */
+	    /* OOB Check ok, we have 4 bytes min here */
 	    y = I16(data); ymax = y + I16(data+2); data += 4;
 	    for (; y < ymax && y < state->ysize; y++) {
 		UINT8* out = (UINT8*) im->image[y];
@@ -180,19 +180,17 @@ ImagingFliDecode(Imaging im, ImagingCodecState state, UINT8* buf, Py_ssize_t byt
 	    break;
 	case 15:
 	    /* FLI BRUN chunk */
-	    /* data = ptr + 6 */
+	    /* OOB, ok, we've got 4 bytes min on entry */
 	    for (y = 0; y < state->ysize; y++) {
 		UINT8* out = (UINT8*) im->image[y];
 		data += 1; /* ignore packetcount byte */
 		for (x = 0; x < state->xsize; x += i) {
-		    /* Out of Bounds Read issue, guaranteed to try to read 2 from data */
 		    ERR_IF_DATA_OOB(2)
 		    if (data[0] & 0x80) {
 			i = 256 - data[0];
 			if (x + i > state->xsize) {
 			    break; /* safety first */
 			}
-			/* Out of Bounds read issue */
 			ERR_IF_DATA_OOB(i+1)
 			memcpy(out + x, data + 1, i);
 			data += i + 1;