From: Michael Niedermayer <[email protected]> And use init_get_bits8 to check for integer overflows while at it.
CC: [email protected] Signed-off-by: Luca Barbato <[email protected]> --- libavcodec/h263dec.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index 6245068..1ac972c 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -401,12 +401,15 @@ int ff_h263_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, } if (s->bitstream_buffer_size && (s->divx_packed || buf_size < 20)) // divx 5.01+/xvid frame reorder - init_get_bits(&s->gb, s->bitstream_buffer, - s->bitstream_buffer_size * 8); + ret = init_get_bits8(&s->gb, s->bitstream_buffer, + s->bitstream_buffer_size); else - init_get_bits(&s->gb, buf, buf_size * 8); + ret = init_get_bits8(&s->gb, buf, buf_size); s->bitstream_buffer_size = 0; + if (ret < 0) + return ret; + if (!s->context_initialized) if (ff_MPV_common_init(s) < 0) // we need the idct permutaton for reading a custom matrix return -1; @@ -429,9 +432,10 @@ int ff_h263_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, if (s->avctx->extradata_size && s->picture_number == 0) { GetBitContext gb; - init_get_bits(&gb, s->avctx->extradata, - s->avctx->extradata_size * 8); - ret = ff_mpeg4_decode_picture_header(s, &gb); + ret = init_get_bits8(&gb, s->avctx->extradata, + s->avctx->extradata_size); + if (ret >= 0) + ret = ff_mpeg4_decode_picture_header(s, &gb); } ret = ff_mpeg4_decode_picture_header(s, &s->gb); } else if (CONFIG_H263I_DECODER && s->codec_id == AV_CODEC_ID_H263I) { -- 1.8.3.2 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
