Message ID | 20240502004150.3627661-5-michael@niedermayer.cc |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel,1/7] avcodec/av1dec: bit_depth cannot be another values than 8, 10, 12 | expand |
Michael Niedermayer: > Fixes: CID1492867 Unchecked return value > > Sponsored-by: Sovereign Tech Fund > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/avs3_parser.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/avs3_parser.c b/libavcodec/avs3_parser.c > index a819b5783d6..0f9076befe1 100644 > --- a/libavcodec/avs3_parser.c > +++ b/libavcodec/avs3_parser.c > @@ -73,7 +73,9 @@ static void parse_avs3_nal_units(AVCodecParserContext *s, const uint8_t *buf, > GetBitContext gb; > int profile, ratecode, low_delay; > > - init_get_bits8(&gb, buf + 4, buf_size - 4); > + int ret = init_get_bits8(&gb, buf + 4, buf_size - 4); > + if (ret < 0) > + return; > > s->key_frame = 1; > s->pict_type = AV_PICTURE_TYPE_I; This code only reads/skips a few bits here (at most 100 if I counted correctly), so one could initialize the reader for a shorter length and assert that the call succeeds. - Andreas
On Thu, May 02, 2024 at 10:28:36AM +0200, Andreas Rheinhardt wrote: > Michael Niedermayer: > > Fixes: CID1492867 Unchecked return value > > > > Sponsored-by: Sovereign Tech Fund > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/avs3_parser.c | 4 +++- > > 1 file changed, 3 insertions(+), 1 deletion(-) > > > > diff --git a/libavcodec/avs3_parser.c b/libavcodec/avs3_parser.c > > index a819b5783d6..0f9076befe1 100644 > > --- a/libavcodec/avs3_parser.c > > +++ b/libavcodec/avs3_parser.c > > @@ -73,7 +73,9 @@ static void parse_avs3_nal_units(AVCodecParserContext *s, const uint8_t *buf, > > GetBitContext gb; > > int profile, ratecode, low_delay; > > > > - init_get_bits8(&gb, buf + 4, buf_size - 4); > > + int ret = init_get_bits8(&gb, buf + 4, buf_size - 4); > > + if (ret < 0) > > + return; > > > > s->key_frame = 1; > > s->pict_type = AV_PICTURE_TYPE_I; > > This code only reads/skips a few bits here (at most 100 if I counted > correctly), so one could initialize the reader for a shorter length and > assert that the call succeeds. will apply: - init_get_bits8(&gb, buf + 4, buf_size - 4); + av_unused int ret = init_get_bits(&gb, buf + 4, 100); + av_assert1(ret >= 0); thx [...]
diff --git a/libavcodec/avs3_parser.c b/libavcodec/avs3_parser.c index a819b5783d6..0f9076befe1 100644 --- a/libavcodec/avs3_parser.c +++ b/libavcodec/avs3_parser.c @@ -73,7 +73,9 @@ static void parse_avs3_nal_units(AVCodecParserContext *s, const uint8_t *buf, GetBitContext gb; int profile, ratecode, low_delay; - init_get_bits8(&gb, buf + 4, buf_size - 4); + int ret = init_get_bits8(&gb, buf + 4, buf_size - 4); + if (ret < 0) + return; s->key_frame = 1; s->pict_type = AV_PICTURE_TYPE_I;
Fixes: CID1492867 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/avs3_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)