On Thu, Aug 12, 2021 at 6:52 AM maryam ebrahimzadeh <me22...@outlook.com> wrote:
>
> ---
>  libavcodec/wmadec.c | 15 +++++++++++----
>  1 file changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c
> index d627bbe50e..6ac6221d11 100644
> --- a/libavcodec/wmadec.c
> +++ b/libavcodec/wmadec.c
> @@ -904,8 +907,10 @@ static int wma_decode_superframe(AVCodecContext *avctx, 
> void *data,
>              memset(q, 0, AV_INPUT_BUFFER_PADDING_SIZE);
>
>              /* XXX: bit_offset bits into last frame */
> -            init_get_bits(&s->gb, s->last_superframe,
> -                          s->last_superframe_len * 8 + bit_offset);
> +            ret = init_get_bits8(&s->gb, s->last_superframe,
> +                          (s->last_superframe_len * 8 + bit_offset)/8);
> +            if (ret < 0)
> +                return ret;
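
Review bot: In the added `init_get_bits8()` call, `(s->last_superframe_len * 8 + bit_offset)/8` truncates the reader limit to whole bytes, so when `bit_offset` is not a multiple of 8 the trailing bits of the last frame fall outside the limit the removed call expressed in bits. If the aim is only to check the return value, keep the bit-granular call and test its result, e.g. `ret = init_get_bits(&s->gb, s->last_superframe, s->last_superframe_len * 8 + bit_offset);` followed by the same `if (ret < 0) return ret;`. The declaration of `ret` is not visible in this hunk, so confirm it is in scope at this point.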

This part uses an actual bit count to limit the reader (from
bit_offset); by using init_get_bits8 here, the number is effectively
rounded and may not be accurate anymore.
last_superframe_len is also bound-checked at the beginning of the
block already, so this is not going to exceed the buffer size, and
therefore no change is needed.

- Hendrik