[FFmpeg-cvslog] h263: Check init_get_bits return value

Michael Niedermayer git at videolan.org
Mon Oct 28 12:15:22 CET 2013 

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Oct 26 19:02:34 2013 +0200| [aaaf2dc023d31f30eeec874f24b50f44b9295185] | committer: Luca Barbato

h263: Check init_get_bits return value

And use init_get_bits8 to check for integer overflows while at it.

CC: libav-stable at libav.org
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=aaaf2dc023d31f30eeec874f24b50f44b9295185
---

 libavcodec/h263dec.c |   17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index a1c7b00..8060d8f 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -405,12 +405,15 @@ int ff_h263_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
     }
 
     if (s->bitstream_buffer_size && (s->divx_packed || buf_size < 20)) // divx 5.01+/xvid frame reorder
-        init_get_bits(&s->gb, s->bitstream_buffer,
-                      s->bitstream_buffer_size * 8);
+        ret = init_get_bits8(&s->gb, s->bitstream_buffer,
+                             s->bitstream_buffer_size);
     else
-        init_get_bits(&s->gb, buf, buf_size * 8);
+        ret = init_get_bits8(&s->gb, buf, buf_size);
     s->bitstream_buffer_size = 0;
 
+    if (ret < 0)
+        return ret;
+
     if (!s->context_initialized)
         // we need the idct permutaton for reading a custom matrix
         if ((ret = ff_MPV_common_init(s)) < 0)
@@ -434,9 +437,11 @@ int ff_h263_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
         if (s->avctx->extradata_size && s->picture_number == 0) {
             GetBitContext gb;
 
-            init_get_bits(&gb, s->avctx->extradata,
-                          s->avctx->extradata_size * 8);
-            ret = ff_mpeg4_decode_picture_header(s, &gb);
+            ret = init_get_bits8(&gb, s->avctx->extradata,
+                                 s->avctx->extradata_size);
+            if (ret < 0)
+                return ret;
+            ff_mpeg4_decode_picture_header(s, &gb);
         }
         ret = ff_mpeg4_decode_picture_header(s, &s->gb);
     } else if (CONFIG_H263I_DECODER && s->codec_id == AV_CODEC_ID_H263I) {

More information about the ffmpeg-cvslog mailing list