[FFmpeg-devel] [PATCH v1 1/1] return value check for init_get_bits in adts_decode_extradata

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Wed Aug 4 21:17:02 EEST 2021


Maryam Ebrahimzadeh:
> Ping.
> 
>> On Aug 3, 2021, at 11:58 AM, maryam ebrahimzadeh <me22bee at outlook.com> wrote:
>>
>> As second argument for init_get_bits (buf) can be crafted, return value check for this function call is necessary.
>> 'buf' is  part of  'AVPacket pkt'.
>>
>> ---
>> libavformat/adtsenc.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
>> index ba15c0a724..b660618432 100644
>> --- a/libavformat/adtsenc.c
>> +++ b/libavformat/adtsenc.c
>> @@ -53,9 +53,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui
>>     GetBitContext gb;
>>     PutBitContext pb;
>>     MPEG4AudioConfig m4ac;
>> -    int off;
>> +    int off, ret;
>>
>> -    init_get_bits(&gb, buf, size * 8);
>> +    ret = init_get_bits(&gb, buf, size * 8);
>> +    if (ret < 0)
>> +        return ret;
>>     off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s);
>>     if (off < 0)
>>         return off;

This does not check against overflow; use init_get_bits8().

- Andreas


More information about the ffmpeg-devel mailing list