On Sat, 26 Oct 2013 19:32:07 +0200, Luca Barbato <[email protected]> wrote:
> From: Michael Niedermayer <[email protected]>
> 
> And use init_get_bits8 to check for integer overflows while at it.
> 
> CC: [email protected]
> Signed-off-by: Luca Barbato <[email protected]>
> ---
>  libavcodec/h263dec.c | 16 ++++++++++------
>  1 file changed, 10 insertions(+), 6 deletions(-)
> 
> diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
> index 6245068..1ac972c 100644
> --- a/libavcodec/h263dec.c
> +++ b/libavcodec/h263dec.c
> @@ -401,12 +401,15 @@ int ff_h263_decode_frame(AVCodecContext *avctx, void 
> *data, int *got_frame,
>      }
>  
>      if (s->bitstream_buffer_size && (s->divx_packed || buf_size < 20)) // 
> divx 5.01+/xvid frame reorder
> -        init_get_bits(&s->gb, s->bitstream_buffer,
> -                      s->bitstream_buffer_size * 8);
> +        ret = init_get_bits8(&s->gb, s->bitstream_buffer,
> +                             s->bitstream_buffer_size);
>      else
> -        init_get_bits(&s->gb, buf, buf_size * 8);
> +        ret = init_get_bits8(&s->gb, buf, buf_size);
>      s->bitstream_buffer_size = 0;
>  
> +    if (ret < 0)
> +        return ret;
> +
>      if (!s->context_initialized)
>          if (ff_MPV_common_init(s) < 0) // we need the idct permutaton for 
> reading a custom matrix
>              return -1;
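Review bot: The new `if (ret < 0) return ret;` after the two `init_get_bits8()` calls carries no comment saying which failure it handles; the reason is only in the commit message. I would add `/* init_get_bits8() fails if the size in bits would overflow an int */` above the check, so the guard is not later removed as dead code. Note that `s->bitstream_buffer_size = 0;` still runs before the early return, so the stored reorder buffer is discarded on the error path as well; that looks intended, but it is worth stating in the same comment. `ff_h263_decode_frame` starts and ends outside this hunk.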
> @@ -429,9 +432,10 @@ int ff_h263_decode_frame(AVCodecContext *avctx, void 
> *data, int *got_frame,
>          if (s->avctx->extradata_size && s->picture_number == 0) {
>              GetBitContext gb;
>  
> -            init_get_bits(&gb, s->avctx->extradata,
> -                          s->avctx->extradata_size * 8);
> -            ret = ff_mpeg4_decode_picture_header(s, &gb);
> +            ret = init_get_bits8(&gb, s->avctx->extradata,
> +                                 s->avctx->extradata_size);
> +            if (ret >= 0)
> +                ret = ff_mpeg4_decode_picture_header(s, &gb);
>          }
>          ret = ff_mpeg4_decode_picture_header(s, &s->gb);

Looks like ret gets lost here.

-- 
Anton Khirnov