Message ID | PAXP193MB12628022B85F9D4227420CD3B6FC9@PAXP193MB1262.EURP193.PROD.OUTLOOK.COM |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel,v3,1/1] return value check for init_get_bits in vc1dec.c | expand |
Context | Check | Description |
---|---|---|
andriy/x86_make | success | Make finished |
andriy/x86_make_fate | success | Make fate finished |
andriy/PPC64_make | success | Make finished |
andriy/PPC64_make_fate | success | Make fate finished |
As the second argument for init_get_bits (avctx and bus ) can be crafted, a return value check for this function call is necessary so replace init_get_bits with init_get_bits8.
maryam ebrahimzadeh (12021-08-15): > --- > libavcodec/vc1dec.c | 11 ++++++++--- > 1 file changed, 8 insertions(+), 3 deletions(-) See: https://ffmpeg.org/pipermail/ffmpeg-devel/2021-August/283780.html for commit message formatting. Regards,
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 1fb1950ade..0f7c07f2e8 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c @@ -444,7 +444,9 @@ static av_cold int vc1_decode_init(AVCodecContext *avctx) // the last byte of the extradata is a version number, 1 for the // samples we can decode - init_get_bits(&gb, avctx->extradata, avctx->extradata_size*8); + ret = init_get_bits8(&gb, avctx->extradata, avctx->extradata_size); + if (ret < 0) + return ret; if ((ret = ff_vc1_decode_sequence_header(avctx, v, &gb)) < 0) return ret; @@ -770,8 +772,11 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data, buf_size2 = vc1_unescape_buffer(buf, buf_size, buf2); } init_get_bits(&s->gb, buf2, buf_size2*8); - } else - init_get_bits(&s->gb, buf, buf_size*8); + } else { + ret = init_get_bits8(&s->gb, buf, buf_size); + if (ret < 0) + return ret; + } if (v->res_sprite) { v->new_sprite = !get_bits1(&s->gb);