Re: [libav-devel] [PATCH 1/2] h263: Check init_get_bits return value

Sat, 26 Oct 2013 12:52:37 -0700 

On 26/10/13 21:49, Anton Khirnov wrote:
> 
> On Sat, 26 Oct 2013 19:32:07 +0200, Luca Barbato <[email protected]> wrote:
>> From: Michael Niedermayer <[email protected]>
>>
>> And use init_get_bits8 to check for integer overflows while at it.
>>
>> CC: [email protected]
>> Signed-off-by: Luca Barbato <[email protected]>
>> ---
>>  libavcodec/h263dec.c | 16 ++++++++++------
>>  1 file changed, 10 insertions(+), 6 deletions(-)
>>
>> diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
>> index 6245068..1ac972c 100644
>> --- a/libavcodec/h263dec.c
>> +++ b/libavcodec/h263dec.c
>> @@ -401,12 +401,15 @@ int ff_h263_decode_frame(AVCodecContext *avctx, void 
>> *data, int *got_frame,
>>      }
>>  
>>      if (s->bitstream_buffer_size && (s->divx_packed || buf_size < 20)) // 
>> divx 5.01+/xvid frame reorder
>> -        init_get_bits(&s->gb, s->bitstream_buffer,
>> -                      s->bitstream_buffer_size * 8);
>> +        ret = init_get_bits8(&s->gb, s->bitstream_buffer,
>> +                             s->bitstream_buffer_size);
>>      else
>> -        init_get_bits(&s->gb, buf, buf_size * 8);
>> +        ret = init_get_bits8(&s->gb, buf, buf_size);
>>      s->bitstream_buffer_size = 0;
>>  
>> +    if (ret < 0)
>> +        return ret;
>> +
>>      if (!s->context_initialized)
>>          if (ff_MPV_common_init(s) < 0) // we need the idct permutaton for 
>> reading a custom matrix
>>              return -1;
>> @@ -429,9 +432,10 @@ int ff_h263_decode_frame(AVCodecContext *avctx, void 
>> *data, int *got_frame,
>>          if (s->avctx->extradata_size && s->picture_number == 0) {
>>              GetBitContext gb;
>>  
>> -            init_get_bits(&gb, s->avctx->extradata,
>> -                          s->avctx->extradata_size * 8);
>> -            ret = ff_mpeg4_decode_picture_header(s, &gb);
>> +            ret = init_get_bits8(&gb, s->avctx->extradata,
>> +                                 s->avctx->extradata_size);
>> +            if (ret >= 0)
>> +                ret = ff_mpeg4_decode_picture_header(s, &gb);
>>          }
>>          ret = ff_mpeg4_decode_picture_header(s, &s->gb);
> 
> Looks like ret gets lost here.
> 
Indeed I forgot to add the quick return I asked Derek to add last round ^^;

Shame on me =)

lu
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel

Reply via email to