On Sun, 20 Jan 2013, Luca Barbato wrote:
Too much code relies on having init_get_bits fed with a valid buffer and set its dimension to 0. Check for NULL buffer instead. --- Fixes partially the problems shown by the sample in bug #430. libavcodec/get_bits.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/get_bits.h b/libavcodec/get_bits.h index 12770a2..ffa0656 100644 --- a/libavcodec/get_bits.h +++ b/libavcodec/get_bits.h @@ -375,7 +375,7 @@ static inline int init_get_bits(GetBitContext *s, const uint8_t *buffer, int buffer_size; int ret = 0; - if (bit_size > INT_MAX - 7 || bit_size <= 0) { + if (bit_size > INT_MAX - 7 || bit_size < 0 || !buffer) { buffer_size = bit_size = 0; buffer = NULL; ret = AVERROR_INVALIDDATA; -- 1.8.0.2
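Review bot: In the changed condition of init_get_bits, replacing `bit_size <= 0` with `bit_size < 0 || !buffer` means a non-NULL buffer with bit_size == 0 no longer takes the error branch, so ret stays 0 for an empty input where it was previously set to AVERROR_INVALIDDATA. The commit message mentions only the NULL check; it should state this change for zero-sized input as well, and any caller that relied on the error to reject an empty buffer needs its own size check before reading bits. The body of the error branch is unchanged context, so a NULL buffer still becomes a zero-sized reader with ret = AVERROR_INVALIDDATA, which only protects callers that actually check the return value; a short comment above the condition saying which inputs are rejected would make that contract visible.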
Looks sensible to me - I guess this would have fixed the theora issue as well. I can imagine that the same issue exists in pretty many places.
// Martin
