diff mbox series

[FFmpeg-devel,v2,1/1] avcodec/wmaprodec: return value check for init_get_bits

Message ID PAXP193MB1262B7A562676E0042DB2397B6C89@PAXP193MB1262.EURP193.PROD.OUTLOOK.COM
State New
Headers show
Series [FFmpeg-devel,v2,1/1] avcodec/wmaprodec: return value check for init_get_bits | expand

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished
andriy/make_ppc success Make finished
andriy/make_fate_ppc success Make fate finished

Commit Message

Maryam Ebrahimzadeh Aug. 27, 2021, 6:40 a.m. UTC 
avcodec/wmaprodec: Return value check for init_get_bits

Similar to CVE-2021-38171 as the second argument for init_get_bits(avpkt and buf) can be crafted,
a return value check for this function call is necessary.
Also replace init_get_bits with init_get_bits8.

---
 libavcodec/wmaprodec.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Comments

Maryam Ebrahimzadeh Aug. 28, 2021, 5:15 a.m. UTC | #1 
ping.
Paul B Mahol Aug. 28, 2021, 7:33 a.m. UTC | #2 
Please waith 14 days between pings.
Paul B Mahol Aug. 28, 2021, 5:24 p.m. UTC | #3 
applied with minor changes
Maryam Ebrahimzadeh Aug. 28, 2021, 7:06 p.m. UTC | #4 
On Aug 28, 2021, at 9:54 PM, Paul B Mahol <onemda@gmail.com<mailto:onemda@gmail.com>> wrote:

applied with minor changes

Thank you.
Why you change the commit message?

Regards,
Maryam
Paul B Mahol Aug. 28, 2021, 8:45 p.m. UTC | #5 
On Sat, Aug 28, 2021 at 9:07 PM Maryam Ebrahimzadeh <me22bee@outlook.com>
wrote:

>
>
> On Aug 28, 2021, at 9:54 PM, Paul B Mahol <onemda@gmail.com<mailto:
> onemda@gmail.com>> wrote:
>
> applied with minor changes
>
> Thank you.
> Why you change the commit message?
>

I do not think that listing CVE entries is useful.


>
> Regards,
> Maryam
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
>
diff mbox series

Patch

diff --git a/libavcodec/wmaprodec.c b/libavcodec/wmaprodec.c
index e0d00d2d37..0e229b258d 100644
--- a/libavcodec/wmaprodec.c
+++ b/libavcodec/wmaprodec.c
@@ -1615,6 +1615,7 @@  static int decode_packet(AVCodecContext *avctx, WMAProDecodeCtx *s,
     int buf_size       = avpkt->size;
     int num_bits_prev_frame;
     int packet_sequence_number;
+    int ret;
 
     *got_frame_ptr = 0;
 
@@ -1666,7 +1667,9 @@  static int decode_packet(AVCodecContext *avctx, WMAProDecodeCtx *s,
         s->buf_bit_size = buf_size << 3;
 
         /** parse packet header */
-        init_get_bits(gb, buf, s->buf_bit_size);
+        ret = init_get_bits8(gb, buf, buf_size);
+        if (ret < 0)
+            return ret;
         if (avctx->codec_id != AV_CODEC_ID_XMA2) {
             packet_sequence_number = get_bits(gb, 4);
             skip_bits(gb, 2);
@@ -1734,7 +1737,9 @@  static int decode_packet(AVCodecContext *avctx, WMAProDecodeCtx *s,
         }
 
         s->buf_bit_size = (avpkt->size - s->next_packet_start) << 3;
-        init_get_bits(gb, avpkt->data, s->buf_bit_size);
+        ret = init_get_bits8(gb, avpkt->data, (avpkt->size - s->next_packet_start));
+        if (ret < 0)
+            return ret;
         skip_bits(gb, s->packet_offset);
         if (s->len_prefix && remaining_bits(s, gb) > s->log2_frame_size &&
             (frame_size = show_bits(gb, s->log2_frame_size)) &&