On Fri, Aug 27, 2021 at 8:50 AM maryam ebrahimzadeh <me22...@outlook.com> wrote:
> Similar to CVE-2021-38171 as the second argument for init_get_bits(avpkt > and bu$ > a return value check for this function call is necessary. > Also replace init_get_bits with init_get_bits8. > > --- > libavcodec/wmalosslessdec.c | 9 +++++++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c > index 74c91f4f7e..1173ef62c2 100644 > --- a/libavcodec/wmalosslessdec.c > +++ b/libavcodec/wmalosslessdec.c > @@ -1187,6 +1187,7 @@ static int decode_packet(AVCodecContext *avctx, void > *data, int *got_frame_ptr, > const uint8_t* buf = avpkt->data; > int buf_size = avpkt->size; > int num_bits_prev_frame, packet_sequence_number, spliced_packet; > + int ret; > > s->frame->nb_samples = 0; > > @@ -1205,7 +1206,9 @@ static int decode_packet(AVCodecContext *avctx, void > *data, int *got_frame_ptr, > s->buf_bit_size = buf_size << 3; > > /* parse packet header */ > - init_get_bits(gb, buf, s->buf_bit_size); > + ret = init_get_bits8(gb, buf, buf_size); > + if (ret < 0) > + return ret; > packet_sequence_number = get_bits(gb, 4); > skip_bits(gb, 1); // Skip seekable_frame_in_packet, currently > unused > spliced_packet = get_bits1(gb); > @@ -1256,7 +1259,9 @@ static int decode_packet(AVCodecContext *avctx, void > *data, int *got_frame_ptr, > int frame_size; > > s->buf_bit_size = (avpkt->size - s->next_packet_start) << 3; > - init_get_bits(gb, avpkt->data, s->buf_bit_size); > + init_get_bits8(gb, avpkt->data, (avpkt->size - > s->next_packet_start)); > Not using return value here. This patch needs much more work. > + if (ret < 0) > + return ret; > skip_bits(gb, s->packet_offset); > > if (s->len_prefix && remaining_bits(s, gb) > s->log2_frame_size && > -- > 2.17.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe". > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
