[FFmpeg-devel] [libav-devel] [PATCH] mpeg4videodec: only allow a positive length

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Wed Apr 22 19:08:57 CEST 2015


On 22.04.2015 18:51, Vittorio Giovara wrote:
> On Wed, Apr 22, 2015 at 3:32 PM, Andreas Cadhalpun
> <andreas.cadhalpun at googlemail.com> wrote:
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>  libavcodec/mpeg4videodec.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
>> index 8449392..9bf33dd 100644
>> --- a/libavcodec/mpeg4videodec.c
>> +++ b/libavcodec/mpeg4videodec.c
>> @@ -189,14 +189,14 @@ static int mpeg4_decode_sprite_trajectory(Mpeg4DecContext *ctx, GetBitContext *g
>>          int x = 0, y = 0;
>>
>>          length = get_vlc2(gb, sprite_trajectory.table, SPRITE_TRAJ_VLC_BITS, 3);
>> -        if (length)
>> +        if (length > 0)
>>              x = get_xbits(gb, length);
>>
>>          if (!(ctx->divx_version == 500 && ctx->divx_build == 413))
>>              check_marker(gb, "before sprite_trajectory");
>>
>>          length = get_vlc2(gb, sprite_trajectory.table, SPRITE_TRAJ_VLC_BITS, 3);
>> -        if (length)
>> +        if (length > 0)
>>              y = get_xbits(gb, length);
>>
>>          check_marker(gb, "after sprite_trajectory");
>> --
> 
> Not very familiar with the code, but shouldn't you error out in this case?

One could error out as well, but there was already the check for length != 0,
so changing that was simpler.

Best regards,
Andreas


More information about the ffmpeg-devel mailing list