[libav-devel] [PATCH] aac: Check init_get_bits return value

Luca Barbato Sun, 04 Aug 2013 06:06:33 -0700

Some codepath can call it with invalid lenght.

CC: [email protected]
---


This old patch was lost since ages...

 libavcodec/aacdec.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 659be55..8eaee60 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -789,7 +789,8 @@ static int decode_audio_specific_config(AACContext *ac,
         av_dlog(avctx, "%02x ", avctx->extradata[i]);
     av_dlog(avctx, "\n");

-    init_get_bits(&gb, data, bit_size);
+    if ((ret = init_get_bits(&gb, data, bit_size)) < 0)
+        return ret;

     if ((i = avpriv_mpeg4audio_get_config(m4ac, data, bit_size,
                                           sync_extension)) < 0)
@@ -2635,7 +2636,8 @@ static int aac_decode_frame(AVCodecContext *avctx, void 
*data,
         }
     }

-    init_get_bits(&gb, buf, buf_size * 8);
+    if ((err = init_get_bits(&gb, buf, buf_size * 8)) < 0)
+        return err;

     if ((err = aac_decode_frame_int(avctx, data, got_frame_ptr, &gb)) < 0)
         return err;
@@ -2878,7 +2880,8 @@ static int latm_decode_frame(AVCodecContext *avctx, void 
*out,
     int                 muxlength, err;
     GetBitContext       gb;

-    init_get_bits(&gb, avpkt->data, avpkt->size * 8);
+    if ((err = init_get_bits(&gb, avpkt->data, avpkt->size * 8)) < 0)
+        return err;

     // check for LOAS sync word
     if (get_bits(&gb, 11) != LOAS_SYNC_WORD)
--
1.8.3.2

_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

[libav-devel] [PATCH] aac: Check init_get_bits return value

Reply via email to