[FFmpeg-devel] [PATCH V2] lavc/midivid: FIX CID 1456088

Paul B Mahol onemda at gmail.com
Mon Dec 23 14:58:39 EET 2019


On 12/22/19, Zhong Li <zhongli_dev at 126.com> wrote:
> Signed-off-by: Zhong Li <zhongli_dev at 126.com>
> ---
>  libavcodec/midivid.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/libavcodec/midivid.c b/libavcodec/midivid.c
> index 38465c5..3dac3f1 100644
> --- a/libavcodec/midivid.c
> +++ b/libavcodec/midivid.c
> @@ -63,17 +63,20 @@ static int decode_mvdv(MidiVidContext *s, AVCodecContext
> *avctx, AVFrame *frame)
>      if (intra_flag) {
>          nb_blocks = (avctx->width / 2) * (avctx->height / 2);
>      } else {
> -        int skip_linesize;
> +        int ret, skip_linesize;
>
>          nb_blocks = bytestream2_get_le32(gb);
>          skip_linesize = avctx->width >> 1;
>          mask_start = gb->buffer_start + bytestream2_tell(gb);
>          mask_size = (avctx->width >> 5) * (avctx->height >> 2);
>
> -        if (bytestream2_get_bytes_left(gb) < mask_size)
> +        ret = bytestream2_get_bytes_left(gb);
> +        if (ret < mask_size)
>              return AVERROR_INVALIDDATA;

Pointless

>
> -        init_get_bits8(&mask, mask_start, mask_size);
> +        ret = init_get_bits8(&mask, mask_start, mask_size);
> +        if (ret < 0)
> +            return AVERROR_INVALIDDATA;

ret should be returned here

>          bytestream2_skip(gb, mask_size);
>          skip = s->skip;
>
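Review bot: the check added after init_get_bits8() discards the error code it has just stored in ret and returns a hard-coded AVERROR_INVALIDDATA; `return ret;` would pass the function's own error up to the caller. In the same block, `ret = bytestream2_get_bytes_left(gb);` makes ret hold a byte count before it later holds an error code. This gives the variable two meanings without changing the `< mask_size` comparison, so the original one-line check can stay and ret can be used only for the init_get_bits8() result.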
> --
> 1.8.3.1
>