[FFmpeg-devel] [PATCH v2 1/1] avcodec/wmalosslessdec: return value check for init_get_bits
Paul B Mahol
onemda at gmail.com
Sat Aug 28 20:20:14 EEST 2021
On Fri, Aug 27, 2021 at 8:50 AM maryam ebrahimzadeh <me22bee at outlook.com>
wrote:
> Similar to CVE-2021-38171 as the second argument for init_get_bits(avpkt
> and bu$
> a return value check for this function call is necessary.
> Also replace init_get_bits with init_get_bits8.
>
> ---
> libavcodec/wmalosslessdec.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/wmalosslessdec.c b/libavcodec/wmalosslessdec.c
> index 74c91f4f7e..1173ef62c2 100644
> --- a/libavcodec/wmalosslessdec.c
> +++ b/libavcodec/wmalosslessdec.c
> @@ -1187,6 +1187,7 @@ static int decode_packet(AVCodecContext *avctx, void
> *data, int *got_frame_ptr,
> const uint8_t* buf = avpkt->data;
> int buf_size = avpkt->size;
> int num_bits_prev_frame, packet_sequence_number, spliced_packet;
> + int ret;
>
> s->frame->nb_samples = 0;
>
> @@ -1205,7 +1206,9 @@ static int decode_packet(AVCodecContext *avctx, void
> *data, int *got_frame_ptr,
> s->buf_bit_size = buf_size << 3;
>
> /* parse packet header */
> - init_get_bits(gb, buf, s->buf_bit_size);
> + ret = init_get_bits8(gb, buf, buf_size);
> + if (ret < 0)
> + return ret;
> packet_sequence_number = get_bits(gb, 4);
> skip_bits(gb, 1); // Skip seekable_frame_in_packet, currently
> unused
> spliced_packet = get_bits1(gb);
> @@ -1256,7 +1259,9 @@ static int decode_packet(AVCodecContext *avctx, void
> *data, int *got_frame_ptr,
> int frame_size;
>
> s->buf_bit_size = (avpkt->size - s->next_packet_start) << 3;
> - init_get_bits(gb, avpkt->data, s->buf_bit_size);
> + init_get_bits8(gb, avpkt->data, (avpkt->size -
> s->next_packet_start));
>
Not using return value here.
This patch needs much more work.
> + if (ret < 0)
> + return ret;
> skip_bits(gb, s->packet_offset);
>
> if (s->len_prefix && remaining_bits(s, gb) > s->log2_frame_size &&
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
More information about the ffmpeg-devel
mailing list