
[FFmpeg-devel,1/2] avcodec/anm: Check extradata length before allocating frame

Message ID 20200530043300.19951-1-andreas.rheinhardt@gmail.com
State Accepted
Commit 45c350226696be9deae7c73d67fdc93f848f9a91
Series [FFmpeg-devel,1/2] avcodec/anm: Check extradata length before allocating frame

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Andreas Rheinhardt May 30, 2020, 4:32 a.m. UTC
Then one doesn't need to free the frame in case the length turns out to
be insufficient.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
 libavcodec/anm.c | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

Comments

Peter Ross May 31, 2020, 2:44 a.m. UTC | #1
On Sat, May 30, 2020 at 06:32:59AM +0200, Andreas Rheinhardt wrote:
> Then one doesn't need to free the frame in case the length turns out to
> be insufficient.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
>  libavcodec/anm.c | 8 +++-----
>  1 file changed, 3 insertions(+), 5 deletions(-)
> 
> diff --git a/libavcodec/anm.c b/libavcodec/anm.c
> index cd1fcc5998..e9b19d880d 100644
> --- a/libavcodec/anm.c
> +++ b/libavcodec/anm.c
> @@ -40,6 +40,9 @@ static av_cold int decode_init(AVCodecContext *avctx)
>      AnmContext *s = avctx->priv_data;
>      int i;
>  
> +    if (avctx->extradata_size < 16 * 8 + 4 * 256)
> +        return AVERROR_INVALIDDATA;
> +
>      avctx->pix_fmt = AV_PIX_FMT_PAL8;
>  
>      s->frame = av_frame_alloc();
> @@ -47,11 +50,6 @@ static av_cold int decode_init(AVCodecContext *avctx)
>          return AVERROR(ENOMEM);
>  
>      bytestream2_init(&s->gb, avctx->extradata, avctx->extradata_size);
> -    if (bytestream2_get_bytes_left(&s->gb) < 16 * 8 + 4 * 256) {
> -        av_frame_free(&s->frame);
> -        return AVERROR_INVALIDDATA;
> -    }
> -
>      bytestream2_skipu(&s->gb, 16 * 8);
>      for (i = 0; i < 256; i++)
>          s->palette[i] = (0xFFU << 24) | bytestream2_get_le32u(&s->gb);
> -- 
> 2.20.1

ok.

-- Peter
(A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)

Patch

diff --git a/libavcodec/anm.c b/libavcodec/anm.c
index cd1fcc5998..e9b19d880d 100644
--- a/libavcodec/anm.c
+++ b/libavcodec/anm.c
@@ -40,6 +40,9 @@  static av_cold int decode_init(AVCodecContext *avctx)
     AnmContext *s = avctx->priv_data;
     int i;
 
+    if (avctx->extradata_size < 16 * 8 + 4 * 256)
+        return AVERROR_INVALIDDATA;
+
     avctx->pix_fmt = AV_PIX_FMT_PAL8;
 
     s->frame = av_frame_alloc();
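Review bot: The bound in `if (avctx->extradata_size < 16 * 8 + 4 * 256)` is now the only guard for the unchecked readers in the second hunk (`bytestream2_skipu(&s->gb, 16 * 8)` and the 256 `bytestream2_get_le32u` calls), yet it sits several lines away from them with nothing stating that dependency. Extradata is supplied by the container and should be treated as untrusted, so a later edit that changes the skip or the palette size without updating this expression would produce an out-of-bounds read instead of an error return. I would add a comment above the check such as `/* 16 * 8 skipped bytes + 256 LE32 palette entries; the unchecked bytestream2_*u reads below rely on this */`, or name the two sizes once and use them in both places. decode_init starts and ends outside this hunk, so its remaining return paths cannot be checked from here.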
@@ -47,11 +50,6 @@  static av_cold int decode_init(AVCodecContext *avctx)
         return AVERROR(ENOMEM);
 
     bytestream2_init(&s->gb, avctx->extradata, avctx->extradata_size);
-    if (bytestream2_get_bytes_left(&s->gb) < 16 * 8 + 4 * 256) {
-        av_frame_free(&s->frame);
-        return AVERROR_INVALIDDATA;
-    }
-
     bytestream2_skipu(&s->gb, 16 * 8);
     for (i = 0; i < 256; i++)
         s->palette[i] = (0xFFU << 24) | bytestream2_get_le32u(&s->gb);