[FFmpeg-devel] [PATCH] avcodec/get_bits: fix crash with get_bits1() and negative bit_size
Paul B Mahol
onemda at gmail.com
Tue Oct 29 10:27:50 CET 2013
Also always return zeros for bit_size == 0.
This needs buffer to always be padded with zeros.
Signed-off-by: Paul B Mahol <onemda at gmail.com>
---
libavcodec/get_bits.h | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/get_bits.h b/libavcodec/get_bits.h
index 4ddb088..c5678e1 100644
--- a/libavcodec/get_bits.h
+++ b/libavcodec/get_bits.h
@@ -408,10 +408,10 @@ static inline int init_get_bits(GetBitContext *s, const uint8_t *buffer,
int buffer_size;
int ret = 0;
- if (bit_size >= INT_MAX - 7 || bit_size < 0 || !buffer) {
- buffer_size = bit_size = 0;
- buffer = NULL;
- ret = AVERROR_INVALIDDATA;
+ if (bit_size >= INT_MAX - 7 || bit_size <= 0 || !buffer) {
+ ret = (bit_size || !buffer) ? AVERROR_INVALIDDATA : 0;
+ buffer = buffer ? buffer + 2 : NULL;
+ bit_size = buffer ? 31 : 0;
}
buffer_size = (bit_size + 7) >> 3;
--
1.7.11.2
More information about the ffmpeg-devel
mailing list