Context https://bugzilla.libav.org/show_bug.cgi?id=420

We have different problems with that sample:

- the mov demuxer ends up sending a huge packet because of a misparsing

- the packet size * 8 overflows the integer and init_get_bits doesn't
return errors.

- show_bits just segfaults on a nulled context

So far I have this naive solution:

-static inline void init_get_bits(GetBitContext *s, const uint8_t *buffer,
+static inline int init_get_bits(GetBitContext *s, const uint8_t *buffer,
                                  int bit_size)
 {
     int buffer_size = (bit_size+7)>>3;
+    int ret = 0;
     if (buffer_size < 0 || bit_size < 0) {
         buffer_size = bit_size = 0;
         buffer = NULL;
+        ret = AVERROR_INVALIDDATA;
     }

     s->buffer       = buffer;
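Review bot: The guard `if (buffer_size < 0 || bit_size < 0)` runs only after `int buffer_size = (bit_size+7)>>3;` has been evaluated, so a bit_size within 7 of INT_MAX overflows a signed int (undefined behaviour) before it is ever tested. It also cannot see a caller-side `size * 8` that wrapped to a positive value, which is the overflow described above. Suggest rejecting bit_size > INT_MAX - 7 before computing buffer_size, and having callers validate the byte size before multiplying by 8.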
@@ -383,6 +385,7 @@ static inline void init_get_bits(GetBitContext *s,
const uint8_t *buffer,
 #endif
     s->buffer_end   = buffer + buffer_size;
     s->index        = 0;
+    return ret;
 }
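Review bot: `return ret;` has no effect unless the call sites check it, and since the function used to return void, every existing caller will silently discard the new error. On the error path s->buffer is NULL and `s->buffer_end = buffer + buffer_size` is NULL as well, so a reader called afterwards still dereferences a null pointer. Suggest updating the callers in the same patch and documenting the return value in the function's comment.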

And it works decently without having an incredible impact on performance;
still, show_bits can crash.

I haven't checked if we can do something on the mov demuxer yet.

lu
_______________________________________________
libav-devel mailing list
https://lists.libav.org/mailman/listinfo/libav-devel
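The three problems listed in the message (an oversized packet, `size * 8` overflowing, and a reader that crashes on a nulled context) can be handled together by checking the byte count before multiplying and by making the peek function fail instead of dereferencing. The following is an added example, not libav code and not part of the original message; `BitReader`, `BR_INVALID`, `bytes_to_bits`, `br_init` and `br_show_bits` are hypothetical names.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for a bit reader context; not libav's struct. */
typedef struct BitReader {
    const uint8_t *buffer, *buffer_end;
    int index;          /* current position, in bits */
    int size_in_bits;
} BitReader;

#define BR_INVALID (-1) /* stand-in for AVERROR_INVALIDDATA */

/* Convert a byte count to bits, rejecting values whose product overflows. */
static int bytes_to_bits(int byte_size, int *bit_size)
{
    if (byte_size < 0 || byte_size > INT_MAX / 8)
        return BR_INVALID;
    *bit_size = byte_size * 8;
    return 0;
}

/* Initialise from a byte count; on error the reader is left empty. */
static int br_init(BitReader *s, const uint8_t *buf, int byte_size)
{
    int bits = 0;
    int ret  = bytes_to_bits(byte_size, &bits);
    if (ret < 0 || !buf) {
        buf = NULL; byte_size = 0; bits = 0;
        ret = BR_INVALID;
    }
    s->buffer       = buf;
    s->buffer_end   = buf ? buf + byte_size : NULL;
    s->index        = 0;
    s->size_in_bits = bits;
    return ret;
}

/* Peek n bits (1..25), MSB first; fails rather than reading out of bounds. */
static int br_show_bits(const BitReader *s, int n, uint32_t *out)
{
    if (!s->buffer || n < 1 || n > 25 || n > s->size_in_bits - s->index)
        return BR_INVALID;
    uint32_t v = 0;
    for (int i = 0; i < n; i++) {
        int pos = s->index + i;
        v = (v << 1) | ((s->buffer[pos >> 3] >> (7 - (pos & 7))) & 1);
    }
    *out = v;
    return 0;
}
```

The per-bit loop is written for clarity; a production reader would keep a cached word and pay only the bounds comparison on each call.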
