[FFmpeg-devel] [PATCH] avcodec/get_bits: fix crash with get_bits1()

Paul B Mahol onemda at gmail.com
Mon Oct 28 19:36:02 CET 2013


On 10/28/13, Paul B Mahol <onemda at gmail.com> wrote:
> Signed-off-by: Paul B Mahol <onemda at gmail.com>
> ---
>  libavcodec/get_bits.h | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/get_bits.h b/libavcodec/get_bits.h
> index 32715d8..3df570b 100644
> --- a/libavcodec/get_bits.h
> +++ b/libavcodec/get_bits.h
> @@ -410,7 +410,7 @@ static inline int init_get_bits(GetBitContext *s, const
> uint8_t *buffer,
>
>      if (bit_size >= INT_MAX - 7 || bit_size <= 0 || !buffer) {
>          buffer_size = bit_size = 0;
> -        buffer      = NULL;
> +        buffer      = (const uint8_t*)s;
>          ret         = AVERROR_INVALIDDATA;
>      }
>
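Review bot: on the error path, `buffer = (const uint8_t*)s;` aliases the bitstream pointer to the GetBitContext itself, so a caller that ignores AVERROR_INVALIDDATA and keeps reading no longer dereferences NULL but instead consumes the context's own fields as bitstream input. That trades the crash for a silent read of unrelated memory, and with `buffer_size = bit_size = 0` nothing in this hunk bounds how far such a read can run past the struct. Consider pointing at a small static zero-filled array sized for the reader's worst-case overread instead, and add a comment explaining why the pointer has to be non-NULL here. Style nit: write the cast as `(const uint8_t *)s`.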
> --
> 1.7.11.2
>
>

How to test: just call init_get_bits(8) with negative size and never
check return value.

