diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-10-26 19:02:34 +0200 |
|---|---|---|
| committer | Sean McGovern <gseanmcg@gmail.com> | 2014-02-01 14:59:50 -0500 |
| commit | d9c82cea11cef662fda21fccbe1a1f62c1689952 (patch) | |
| tree | aa79fac29bcd1a7cfb7e6adc411fb3f18a68c601 | |
| parent | 969028870c6f5a2ed953bfca8cb68c24ffd9c824 (diff) | |
| download | ffmpeg-d9c82cea11cef662fda21fccbe1a1f62c1689952.tar.gz | |
h263: Check init_get_bits return value
And use init_get_bits8 to check for integer overflows while at it.
CC: libav-stable@libav.org
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
| -rw-r--r-- | libavcodec/h263dec.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c index db58fd2e12..47e903aa9c 100644 --- a/libavcodec/h263dec.c +++ b/libavcodec/h263dec.c @@ -384,17 +384,20 @@ uint64_t time= rdtsc(); return buf_size; } + if (s->bitstream_buffer_size && (s->divx_packed || buf_size < 20)) // divx 5.01+/xvid frame reorder + ret = init_get_bits8(&s->gb, s->bitstream_buffer, + s->bitstream_buffer_size); + else + ret = init_get_bits8(&s->gb, buf, buf_size); + s->bitstream_buffer_size = 0; - if(s->bitstream_buffer_size && (s->divx_packed || buf_size<20)){ //divx 5.01+/xvid frame reorder - init_get_bits(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size*8); - }else - init_get_bits(&s->gb, buf, buf_size*8); - s->bitstream_buffer_size=0; + if (ret < 0) + return ret; - if (!s->context_initialized) { - if (ff_MPV_common_init(s) < 0) //we need the idct permutaton for reading a custom matrix - return -1; - } + if (!s->context_initialized) + // we need the idct permutaton for reading a custom matrix + if ((ret = ff_MPV_common_init(s)) < 0) + return ret; /* We need to set current_picture_ptr before reading the header, * otherwise we cannot store anyting in there */ @@ -414,8 +417,11 @@ uint64_t time= rdtsc(); if(s->avctx->extradata_size && s->picture_number==0){ GetBitContext gb; - init_get_bits(&gb, s->avctx->extradata, s->avctx->extradata_size*8); - ret = ff_mpeg4_decode_picture_header(s, &gb); + ret = init_get_bits8(&gb, s->avctx->extradata, + s->avctx->extradata_size); + if (ret < 0) + return ret; + ff_mpeg4_decode_picture_header(s, &gb); } ret = ff_mpeg4_decode_picture_header(s, &s->gb); } else if (CONFIG_H263I_DECODER && s->codec_id == AV_CODEC_ID_H263I) { |