[FFmpeg-devel] [PATCH v1 1/1] avcodec/vble: Return value check for init_get_bits
maryam ebrahimzadeh
me22bee at outlook.com
Mon Aug 30 06:56:49 EEST 2021
avcodec/vble: Return value check for init_get_bits
Similar to CVE-2021-38171 as the second argument for init_get_bits()
can be crafted, a return value check for this function call is necessary.
Also replace init_get_bits with init_get_bits8.
---
libavcodec/vble.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavcodec/vble.c b/libavcodec/vble.c
index f1400959e0..041a203fe9 100644
--- a/libavcodec/vble.c
+++ b/libavcodec/vble.c
@@ -146,7 +146,9 @@ static int vble_decode_frame(AVCodecContext *avctx, void *data, int *got_frame,
if (version != 1)
av_log(avctx, AV_LOG_WARNING, "Unsupported VBLE Version: %d\n", version);
- init_get_bits(&gb, src + 4, (avpkt->size - 4) * 8);
+ ret = init_get_bits8(&gb, src + 4, avpkt->size - 4);
+ if (ret < 0)
+ return ret;
/* Unpack */
if (vble_unpack(ctx, &gb) < 0) {
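Review bot: the added `ret = init_get_bits8(&gb, src + 4, avpkt->size - 4);` assigns to `ret`, but this hunk adds no declaration and the diffstat counts only 3 insertions, so the patch builds only if `ret` is already declared in vble_decode_frame(); please confirm it compiles, or add the declaration. Second, `avpkt->size - 4` is passed straight through, so for a packet shorter than 4 bytes the new error return is the only guard visible here; if the function has no explicit minimum-size check before `src + 4` is used, add one and return AVERROR_INVALIDDATA. Finally, the commit message calls the crafted value the second argument, while in the call shown it is the third (`(avpkt->size - 4) * 8`); the wording should match.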
--
2.17.1