[FFmpeg-cvslog] aac: Check init_get_bits return value
Luca Barbato
git at videolan.org
Tue Aug 27 19:23:48 CEST 2013
ffmpeg | branch: release/1.1 | Luca Barbato <lu_zero at gentoo.org> | Sun Aug 4 15:00:02 2013 +0200| [cb31b6ca724774057822ed65a818a41db8072e06] | committer: Luca Barbato
aac: Check init_get_bits return value
Some code paths can call it with invalid length.
CC: libav-stable at libav.org
(cherry picked from commit 71953ebcf94fe4ef316cdad1f276089205dd1d65)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cb31b6ca724774057822ed65a818a41db8072e06
---
libavcodec/aacdec.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 7952ac4..325bf63 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -789,7 +789,8 @@ static int decode_audio_specific_config(AACContext *ac,
av_dlog(avctx, "%02x ", avctx->extradata[i]);
av_dlog(avctx, "\n");
- init_get_bits(&gb, data, bit_size);
+ if ((ret = init_get_bits(&gb, data, bit_size)) < 0)
+ return ret;
if ((i = avpriv_mpeg4audio_get_config(m4ac, data, bit_size,
sync_extension)) < 0)
@@ -2638,7 +2639,8 @@ static int aac_decode_frame(AVCodecContext *avctx, void *data,
}
}
- init_get_bits(&gb, buf, buf_size * 8);
+ if ((err = init_get_bits(&gb, buf, buf_size * 8)) < 0)
+ return err;
if ((err = aac_decode_frame_int(avctx, data, got_frame_ptr, &gb)) < 0)
return err;
@@ -2883,7 +2885,8 @@ static int latm_decode_frame(AVCodecContext *avctx, void *out,
int muxlength, err;
GetBitContext gb;
- init_get_bits(&gb, avpkt->data, avpkt->size * 8);
+ if ((err = init_get_bits(&gb, avpkt->data, avpkt->size * 8)) < 0)
+ return err;
// check for LOAS sync word
if (get_bits(&gb, 11) != LOAS_SYNC_WORD)
More information about the ffmpeg-cvslog
mailing list