On Aug 12, 2021, at 10:23 AM, Hendrik Leppkes
<h.lepp...@gmail.com<mailto:h.lepp...@gmail.com>> wrote:
On Thu, Aug 12, 2021 at 6:48 AM maryam ebrahimzadeh
<me22...@outlook.com<mailto:me22...@outlook.com>> wrote:
As the second argument for init_get_bits can be crafted, a return value check
for this function call is necessary so replace init_get_bits with
init_get_bits8.
---
libavcodec/wmv2dec.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavcodec/wmv2dec.c b/libavcodec/wmv2dec.c
index c500e3e779..73da73c02c 100644
--- a/libavcodec/wmv2dec.c
+++ b/libavcodec/wmv2dec.c
@@ -101,12 +101,14 @@ static int decode_ext_header(Wmv2Context *w)
GetBitContext gb;
int fps;
int code;
+ int ret;
if (s->avctx->extradata_size < 4)
return AVERROR_INVALIDDATA;
- init_get_bits(&gb, s->avctx->extradata, 32);
-
+ ret = init_get_bits8(&gb, s->avctx->extradata, 4);
+ if (ret < 0)
+ return ret;
This is a fixed size, the buffer size is checked right above, what
exactly would the error condition be here?
Init_get_bits8 checks for overflow and some other conditions (in
init_get_bits_xe ) too.
- Hendrik
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org<mailto:ffmpeg-devel@ffmpeg.org>
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org<mailto:ffmpeg-devel-requ...@ffmpeg.org> with
subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
