On Fri, Jul 15, 2011 at 10:15:56AM +0100, Måns Rullgård wrote: > Diego Biurrun <[email protected]> writes: > > > User-provided data should never trigger an assert; also fixes the warning: > > libavcodec/vaapi_mpeg2.c:112:14: warning: variable 'start_code' set but not > > used > > --- a/libavcodec/vaapi_mpeg2.c > > +++ b/libavcodec/vaapi_mpeg2.c > > @@ -116,7 +116,8 @@ static int vaapi_mpeg2_decode_slice(AVCodecContext > > *avctx, const uint8_t *buffer > > /* Determine macroblock_offset */ > > init_get_bits(&gb, buffer, 8 * size); > > start_code = get_bits(&gb, 32); > > - assert((start_code & 0xffffff00) == 0x00000100); > > + if (!((start_code & 0xffffff00) == 0x00000100)) > > + return -1; > > Fix the get_bits -> get_bits_long while at it, or this is bound to cause > trouble.
Notice that even this trivial grep already finds two dozen more candidate instances of this issue: biurrun@passion:~/src/libav $ git grep -e 'skip_bits(.*32)' -e 'get_bits(.*32)' | wc -l 24 I'm not volunteering to fix... Diego _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
