avformat/oggparseflac: check init_get_bits' result

Check init_get_bits' result for NULL, to avoid dereferencing a NULL pointer later (CWE-476). Without this, a segfault happens when trying to decode a handcrafted ogg-flac file with an absurdly long (e.g. 268435455 bytes) ogg header. Co-authored-by: James Almer <jamrial@gmail.com> Signed-off-by: Paul Arzelier <paul.arzelier@free.fr>
author: Paul Arzelier <paul.arzelier@free.fr> 2023-05-30 23:21:36 +0200
committer: James Almer <jamrial@gmail.com> 2023-05-30 18:26:32 -0300
commit: a9042db1d30483639b3ca610b74a7d43f29ea1a9 (patch)
tree: eec523be748d7a8db71ec5efe464616f4f9230d1
parent: 4d9afbeef522726beb1ef50689009dd88f195d3a (diff)
download: ffmpeg-a9042db1d30483639b3ca610b74a7d43f29ea1a9.tar.gz
1 files changed, 4 insertions, 1 deletions
diff --git a/libavformat/oggparseflac.c b/libavformat/oggparseflac.c
index eef6e09927..557440d94b 100644
--- a/libavformat/oggparseflac.c
+++ b/libavformat/oggparseflac.c
@@ -40,7 +40,10 @@ flac_header (AVFormatContext * s, int idx)
     if (os->buf[os->pstart] == 0xff)
         return 0;
 
-    init_get_bits(&gb, os->buf + os->pstart, os->psize*8);
+    ret = init_get_bits8(&gb, os->buf + os->pstart, os->psize);
+    if (ret < 0)
+        return ret;
+
     skip_bits1(&gb); /* metadata_last */
     mdt = get_bits(&gb, 7);
author	Paul Arzelier <paul.arzelier@free.fr>	2023-05-30 23:21:36 +0200
committer	James Almer <jamrial@gmail.com>	2023-05-30 18:26:32 -0300
commit	a9042db1d30483639b3ca610b74a7d43f29ea1a9 (patch)
tree	eec523be748d7a8db71ec5efe464616f4f9230d1
parent	4d9afbeef522726beb1ef50689009dd88f195d3a (diff)
download	ffmpeg-a9042db1d30483639b3ca610b74a7d43f29ea1a9.tar.gz