[FFmpeg-devel] [PATCH v1 07/10] return value check for init_get_bits in vc1dec.c

Maryam Ebrahimzadeh me22bee at outlook.com
Thu Aug 12 09:02:20 EEST 2021


I choose them because their second argument can be crafted.

On Aug 12, 2021, at 10:29 AM, Hendrik Leppkes <h.leppkes at gmail.com<mailto:h.leppkes at gmail.com>> wrote:

On Thu, Aug 12, 2021 at 6:53 AM maryam ebrahimzadeh <me22bee at outlook.com<mailto:me22bee at outlook.com>> wrote:

---
libavcodec/vc1dec.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 1fb1950ade..07d60294f2 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -444,7 +444,9 @@ static av_cold int vc1_decode_init(AVCodecContext *avctx)
        // the last byte of the extradata is a version number, 1 for the
        // samples we can decode

-        init_get_bits(&gb, avctx->extradata, avctx->extradata_size*8);
+        ret = init_get_bits8(&gb, avctx->extradata, avctx->extradata_size);
+        if (ret < 0)
+            return ret;

        if ((ret = ff_vc1_decode_sequence_header(avctx, v, &gb)) < 0)
          return ret;
@@ -771,7 +773,9 @@ static int vc1_decode_frame(AVCodecContext *avctx, void *data,
        }
        init_get_bits(&s->gb, buf2, buf_size2*8);
    } else
-        init_get_bits(&s->gb, buf, buf_size*8);
+        ret = init_get_bits8(&s->gb, buf, buf_size);
+        if (ret < 0)
+            return ret;

    if (v->res_sprite) {
        v->new_sprite  = !get_bits1(&s->gb);

There is a whole bunch of other cases in vc1dec.c, I can even see one
in the patch context there. Any reason you picked only these two to
change?

- Hendrik
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel at ffmpeg.org<mailto:ffmpeg-devel at ffmpeg.org>
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request at ffmpeg.org<mailto:ffmpeg-devel-request at ffmpeg.org> with subject "unsubscribe".



More information about the ffmpeg-devel mailing list