From: maryam ebr <me22...@outlook.com>
Hello,
similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.
---
libavcodec/dnxhddec.c | 21 ++++++++++++++-------
1 file changed, 14 insertions(+), 7 deletions(-)
diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c
index c3eca7becf..cdd9eed62a 100644
--- a/libavcodec/dnxhddec.c
+++ b/libavcodec/dnxhddec.c
@@ -112,6 +112,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx)
static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
{
+ int ret;
if (cid != ctx->cid) {
const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid);
@@ -132,19 +133,25 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t
cid, int bitdepth)
ff_free_vlc(&ctx->dc_vlc);
ff_free_vlc(&ctx->run_vlc);
- init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
+ if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
ctx->cid_table->ac_bits, 1, 1,
- ctx->cid_table->ac_codes, 2, 2, 0);
- init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
+ ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
+ goto out;
+ if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14
: 12,
ctx->cid_table->dc_bits, 1, 1,
- ctx->cid_table->dc_codes, 1, 1, 0);
- init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
+ ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
+ goto out;
+ if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
ctx->cid_table->run_bits, 1, 1,
- ctx->cid_table->run_codes, 2, 2, 0);
+ ctx->cid_table->run_codes, 2, 2, 0)) < 0)
+ goto out;
ctx->cid = cid;
}
- return 0;
+ ret = 0;
+out:
+ av_log(ctx->avctx, AV_LOG_ERROR, "Corrupted, Problem in init_vlc");
+ return ret;
}
static int dnxhd_get_profile(int cid)
--
2.17.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
