diff mbox series

[FFmpeg-devel,v1,1/1] return value check for init_get_bits in adts_decode_extradata

Message ID PAXP193MB1262DA5A6749E28EB860A2C5B6F09@PAXP193MB1262.EURP193.PROD.OUTLOOK.COM
State New
Headers show
Series [FFmpeg-devel,v1,1/1] return value check for init_get_bits in adts_decode_extradata | expand

Checks

Context Check Description
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Maryam Ebrahimzadeh Aug. 3, 2021, 7:28 a.m. UTC 
As second argument for init_get_bits (buf) can be crafted, return value check for this function call is necessary.
'buf' is  part of  'AVPacket pkt'.

---
 libavformat/adtsenc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

Comments

Maryam Ebrahimzadeh Aug. 4, 2021, 6:04 p.m. UTC | #1 
Ping.

> On Aug 3, 2021, at 11:58 AM, maryam ebrahimzadeh <me22bee@outlook.com> wrote:
> 
> As second argument for init_get_bits (buf) can be crafted, return value check for this function call is necessary.
> 'buf' is  part of  'AVPacket pkt'.
> 
> ---
> libavformat/adtsenc.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
> index ba15c0a724..b660618432 100644
> --- a/libavformat/adtsenc.c
> +++ b/libavformat/adtsenc.c
> @@ -53,9 +53,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui
>     GetBitContext gb;
>     PutBitContext pb;
>     MPEG4AudioConfig m4ac;
> -    int off;
> +    int off, ret;
> 
> -    init_get_bits(&gb, buf, size * 8);
> +    ret = init_get_bits(&gb, buf, size * 8);
> +    if (ret < 0)
> +        return ret;
>     off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s);
>     if (off < 0)
>         return off;
> -- 
> 2.17.1
> 
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
Andreas Rheinhardt Aug. 4, 2021, 6:17 p.m. UTC | #2 
Maryam Ebrahimzadeh:
> Ping.
> 
>> On Aug 3, 2021, at 11:58 AM, maryam ebrahimzadeh <me22bee@outlook.com> wrote:
>>
>> As second argument for init_get_bits (buf) can be crafted, return value check for this function call is necessary.
>> 'buf' is  part of  'AVPacket pkt'.
>>
>> ---
>> libavformat/adtsenc.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
>> index ba15c0a724..b660618432 100644
>> --- a/libavformat/adtsenc.c
>> +++ b/libavformat/adtsenc.c
>> @@ -53,9 +53,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui
>>     GetBitContext gb;
>>     PutBitContext pb;
>>     MPEG4AudioConfig m4ac;
>> -    int off;
>> +    int off, ret;
>>
>> -    init_get_bits(&gb, buf, size * 8);
>> +    ret = init_get_bits(&gb, buf, size * 8);
>> +    if (ret < 0)
>> +        return ret;
>>     off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s);
>>     if (off < 0)
>>         return off;

This does not check against overflow; use init_get_bits8().

- Andreas
diff mbox series

Patch

diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
index ba15c0a724..b660618432 100644
--- a/libavformat/adtsenc.c
+++ b/libavformat/adtsenc.c
@@ -53,9 +53,11 @@  static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui
     GetBitContext gb;
     PutBitContext pb;
     MPEG4AudioConfig m4ac;
-    int off;
+    int off, ret;
 
-    init_get_bits(&gb, buf, size * 8);
+    ret = init_get_bits(&gb, buf, size * 8);
+    if (ret < 0)
+        return ret;
     off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s);
     if (off < 0)
         return off;