[FFmpeg-devel] [PATCH v1 04/10] return value check for init_get_bits in wmadec.c
Hendrik Leppkes
h.leppkes at gmail.com
Thu Aug 12 09:03:37 EEST 2021
On Thu, Aug 12, 2021 at 6:52 AM maryam ebrahimzadeh <me22bee at outlook.com> wrote:
>
> ---
> libavcodec/wmadec.c | 15 +++++++++++----
> 1 file changed, 11 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c
> index d627bbe50e..6ac6221d11 100644
> --- a/libavcodec/wmadec.c
> +++ b/libavcodec/wmadec.c
> @@ -904,8 +907,10 @@ static int wma_decode_superframe(AVCodecContext *avctx, void *data,
> memset(q, 0, AV_INPUT_BUFFER_PADDING_SIZE);
>
> /* XXX: bit_offset bits into last frame */
> - init_get_bits(&s->gb, s->last_superframe,
> - s->last_superframe_len * 8 + bit_offset);
> + ret = init_get_bits8(&s->gb, s->last_superframe,
> + (s->last_superframe_len * 8 + bit_offset)/8);
> + if (ret < 0)
> + return ret;
This part uses an actual bit count to limit the reader (from
bit_offset), by using init_get_bit8 here, the number is effectively
rounded and may not be accurate anymore.
last_superframe_len is also bound-checked at the beginning of the
block already, so this is not going to exceed the buffer size, and
therefor no change is needed.
- Hendrik
More information about the ffmpeg-devel
mailing list