avcodec/cabac: Check initial cabac decoder state

Fixes integer overflows
Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Found-by: xiedingbao (Ticket4727)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 8000d484b83aafa752d84fbdbfb352ffe0dc64f8)

Conflicts:

	libavcodec/cabac.h

Conflicts:

	libavcodec/h264_cabac.c
	libavcodec/h264_slice.c

1 files changed, 4 insertions, 1 deletions

diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c
index 5de2fcda68..57a135efc6 100644
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -2442,13 +2442,16 @@ static int decode_slice(struct AVCodecContext *avctx, void *arg)
     }
 
     if (h->pps.cabac) {
+        int ret;
         /* realign */
         align_get_bits(&h->gb);
 
         /* init cabac */
-        ff_init_cabac_decoder(&h->cabac,
+        ret = ff_init_cabac_decoder(&h->cabac,
                               h->gb.buffer + get_bits_count(&h->gb) / 8,
                               (get_bits_left(&h->gb) + 7) / 8);
+        if (ret < 0)
+            return ret;
 
         ff_h264_init_cabac_states(h);