On 14/02/2017 21:02, Anton Khirnov wrote: > Currently it incorrectly compares bits with bytes. > > Also, move the check right before where it's relevant, so that the > correct number of remaining bits is used. > > CC: [email protected] > --- > libavcodec/svq3.c | 9 ++++----- > 1 file changed, 4 insertions(+), 5 deletions(-) > > diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c > index 20c8f89..667d390 100644 > --- a/libavcodec/svq3.c > +++ b/libavcodec/svq3.c > @@ -1031,17 +1031,16 @@ static int svq3_decode_slice_header(AVCodecContext > *avctx) > slice_bits = slice_length * 8; > slice_bytes = slice_length + length - 1; > > - if (slice_bytes > bitstream_bits_left(&s->bc)) { > - av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n"); > - return -1; > - } > - > bitstream_skip(&s->bc, 8); > > av_fast_malloc(&s->slice_buf, &s->slice_size, slice_bytes + > AV_INPUT_BUFFER_PADDING_SIZE); > if (!s->slice_buf) > return AVERROR(ENOMEM); > > + if (slice_bytes * 8 > bitstream_bits_left(&s->bc)) { > + av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n"); > + return AVERROR_INVALIDDATA; > + }
I'd keep it before the fast malloc though. lu _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
