maryam ebrahimzadeh: > avcodec/vble: Return value check for init_get_bits > > As the second argument for init_get_bits can be crafted, > a return value check for this function call is necessary. > So replace init_get_bits with init_get_bits8 and remove a duplicate check > before > the callsite. > > --- > libavcodec/vble.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/vble.c b/libavcodec/vble.c > index f1400959e0..c1d3cdcc95 100644 > --- a/libavcodec/vble.c > +++ b/libavcodec/vble.c > @@ -127,7 +127,7 @@ static int vble_decode_frame(AVCodecContext *avctx, void > *data, int *got_frame, > int ret; > ThreadFrame frame = { .f = data }; > > - if (avpkt->size < 4 || avpkt->size - 4 > INT_MAX/8) { > + if (avpkt->size < 4) { > av_log(avctx, AV_LOG_ERROR, "Invalid packet size\n"); > return AVERROR_INVALIDDATA; > } > @@ -146,7 +146,9 @@ static int vble_decode_frame(AVCodecContext *avctx, void > *data, int *got_frame, > if (version != 1) > av_log(avctx, AV_LOG_WARNING, "Unsupported VBLE Version: %d\n", > version); > > - init_get_bits(&gb, src + 4, (avpkt->size - 4) * 8); > + ret = init_get_bits8(&gb, src + 4, avpkt->size - 4); > + if (ret < 0) > + return ret; > > /* Unpack */ > if (vble_unpack(ctx, &gb) < 0) { > Checking before the callsite has the advantage of not trying to allocate a huge buffer that ends up unused. So instead of removing said check it should be fixed: get_bits.h should properly export the maximum supported buffer size and that should be checked at the beginning.
- Andreas
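Review bot: In the first hunk (@@ -127,7 +127,7 @@), dropping `avpkt->size - 4 > INT_MAX/8` from the early size check means an oversized packet is no longer rejected at the top of vble_decode_frame. It is only caught by the init_get_bits8 return check added in the second hunk, after the code between the two hunks has already run. Consider keeping an upper bound in this early check so such packets are rejected before any other work is done, and keep the new return check as a second line of defence.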
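Review bot: In the second hunk (@@ -146,7 +146,9 @@), the new `if (ret < 0) return ret;` path fails without any message, while the size check in the first hunk logs "Invalid packet size" through av_log before returning AVERROR_INVALIDDATA. Consider adding an av_log(avctx, AV_LOG_ERROR, ...) call on this path as well, so a packet rejected by init_get_bits8 can be diagnosed from the log.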