diff mbox series

[FFmpeg-devel,v5,1/1] avcodec/vc1dec: Return value check for init_get_bits

Message ID PAXP193MB1262362E0A71E52CE6EEE478B6C49@PAXP193MB1262.EURP193.PROD.OUTLOOK.COM
State New
Headers show
Series [FFmpeg-devel,v5,1/1] avcodec/vc1dec: Return value check for init_get_bits | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Maryam Ebrahimzadeh Aug. 23, 2021, 6:24 p.m. UTC 
avcodec/vc1dec: Return value check for init_get_bits

As the second argument for init_get_bits(avctx and buf) can be crafted,
a return value check for this function call is necessary
so replace init_get_bits with init_get_bits8 and add return value check.

---
 libavcodec/vc1dec.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

Comments

Maryam Ebrahimzadeh Aug. 25, 2021, 4:46 a.m. UTC | #1 
ping.
Paul B Mahol Aug. 25, 2021, 7:48 a.m. UTC | #2 
lgtm
Maryam Ebrahimzadeh Aug. 26, 2021, 5:07 a.m. UTC | #3 
Thanks,
So when will you apply this?
diff mbox series

Patch

diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 335cd92953..e636fa6160 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -444,7 +444,9 @@  static av_cold int vc1_decode_init(AVCodecContext *avctx)
         // the last byte of the extradata is a version number, 1 for the
         // samples we can decode
 
-        init_get_bits(&gb, avctx->extradata, avctx->extradata_size*8);
+        ret = init_get_bits8(&gb, avctx->extradata, avctx->extradata_size);
+        if (ret < 0)
+            return ret;
 
         if ((ret = ff_vc1_decode_sequence_header(avctx, v, &gb)) < 0)
           return ret;
@@ -770,8 +772,11 @@  static int vc1_decode_frame(AVCodecContext *avctx, void *data,
             buf_size2 = vc1_unescape_buffer(buf, buf_size, buf2);
         }
         init_get_bits(&s->gb, buf2, buf_size2*8);
-    } else
-        init_get_bits(&s->gb, buf, buf_size*8);
+    } else{
+        ret = init_get_bits8(&s->gb, buf, buf_size);
+        if (ret < 0)
+            return ret;
+    }
 
     if (v->res_sprite) {
         v->new_sprite  = !get_bits1(&s->gb);