On Fri, May 17, 2024 at 09:53:21AM +0200, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: CID1473562 Unchecked return value
> > Fixes: CID1473592 Unchecked return value
> >
> > Sponsored-by: Sovereign Tech Fund
> > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
> > ---
> > libavcodec/sga.c | 10 ++++++++--
> > 1 file changed, 8 insertions(+), 2 deletions(-)
> >
> > diff --git a/libavcodec/sga.c b/libavcodec/sga.c
> > index 0f42cf912b2..aca941e057e 100644
> > --- a/libavcodec/sga.c
> > +++ b/libavcodec/sga.c
> > @@ -254,11 +254,14 @@ static int decode_palmapdata(AVCodecContext *avctx)
> > const int bits = (s->nb_pal + 1) / 2;
> > GetByteContext *gb = &s->gb;
> > GetBitContext pm;
> > + int ret;
> >
> > bytestream2_seek(gb, s->palmapdata_offset, SEEK_SET);
> > if (bytestream2_get_bytes_left(gb) < s->palmapdata_size)
> > return AVERROR_INVALIDDATA;
> > - init_get_bits8(&pm, gb->buffer, s->palmapdata_size);
> > + ret = init_get_bits8(&pm, gb->buffer, s->palmapdata_size);
> > + if (ret < 0)
> > + return ret;
> >
> > for (int y = 0; y < s->tiles_h; y++) {
> > uint8_t *dst = s->palmapindex_data + y * s->tiles_w;
> > @@ -277,11 +280,14 @@ static int decode_tiledata(AVCodecContext *avctx)
> > SGAVideoContext *s = avctx->priv_data;
> > GetByteContext *gb = &s->gb;
> > GetBitContext tm;
> > + int ret;
> >
> > bytestream2_seek(gb, s->tiledata_offset, SEEK_SET);
> > if (bytestream2_get_bytes_left(gb) < s->tiledata_size)
> > return AVERROR_INVALIDDATA;
> > - init_get_bits8(&tm, gb->buffer, s->tiledata_size);
> > + ret = init_get_bits8(&tm, gb->buffer, s->tiledata_size);
> > + if (ret < 0)
> > + return ret;
> >
> > for (int n = 0; n < s->nb_tiles; n++) {
> > uint8_t *dst = s->tileindex_data + n * 64;
>
> Both of these can not fail and could be checked via av_assert1:
> palmapdata_size is given by (s->tiles_w * s->tiles_h * ((s->nb_pal + 1)
> / 2) + 7) / 8 with tiles_w and tiles_h being in the 0..255 range and
> nb_pal being in the 0..4 range.
> tiledata_size is given by s->nb_tiles * 32; nb_tiles fits in 16 bits (it
> is either read via AV_RB16 or is given as the product of tiles_h *
> tiles_w, both of which are read from simple uint8_t.ill use av_assert1() thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB When you are offended at any man's fault, turn to yourself and study your own failings. Then you will forget your anger. -- Epictetus
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
