[FFmpeg-cvslog] avcodec/vc1dec: return value check for init_get_bits

maryam ebrahimzadeh git at videolan.org
Thu Aug 26 10:25:02 EEST 2021


ffmpeg | branch: master | maryam ebrahimzadeh <me22bee at outlook.com> | Mon Aug 23 14:24:56 2021 -0400| [3e24e8108d62eeee5453aee206370a273ab12a24] | committer: Paul B Mahol

avcodec/vc1dec: return value check for init_get_bits

As the second argument for init_get_bits(avctx and buf) can be crafted,
a return value check for this function call is necessary,
so replace init_get_bits with init_get_bits8 and add return value check.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3e24e8108d62eeee5453aee206370a273ab12a24
---

 libavcodec/vc1dec.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 335cd92953..e636fa6160 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -444,7 +444,9 @@ static av_cold int vc1_decode_init(AVCodecContext *avctx)
         // the last byte of the extradata is a version number, 1 for the
         // samples we can decode
 
-        init_get_bits(&gb, avctx->extradata, avctx->extradata_size*8);
+        ret = init_get_bits8(&gb, avctx->extradata, avctx->extradata_size);
+        if (ret < 0)
+            return ret;
 
         if ((ret = ff_vc1_decode_sequence_header(avctx, v, &gb)) < 0)
           return ret;
@@ -770,8 +772,11 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data,
             buf_size2 = vc1_unescape_buffer(buf, buf_size, buf2);
         }
         init_get_bits(&s->gb, buf2, buf_size2*8);
-    } else
-        init_get_bits(&s->gb, buf, buf_size*8);
+    } else{
+        ret = init_get_bits8(&s->gb, buf, buf_size);
+        if (ret < 0)
+            return ret;
+    }
 
     if (v->res_sprite) {
         v->new_sprite  = !get_bits1(&s->gb);



More information about the ffmpeg-cvslog mailing list