[FFmpeg-devel] libavcodec/mpeg12dec.c: Check return value of init_get_bits
Thierry Foucu
tfoucu at gmail.com
Wed Jul 21 01:40:32 EEST 2021
On Mon, Jul 19, 2021 at 3:50 PM Andreas Rheinhardt <
andreas.rheinhardt at outlook.com> wrote:
> Thierry Foucu:
> > ---
> > libavcodec/mpeg12dec.c | 5 ++++-
> > 1 file changed, 4 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
> > index b27ed5bd6d..edca202f0e 100644
> > --- a/libavcodec/mpeg12dec.c
> > +++ b/libavcodec/mpeg12dec.c
> > @@ -1341,8 +1341,11 @@ static int mpeg1_decode_picture(AVCodecContext
> *avctx, const uint8_t *buf,
> > Mpeg1Context *s1 = avctx->priv_data;
> > MpegEncContext *s = &s1->mpeg_enc_ctx;
> > int ref, f_code, vbv_delay;
> > + int ret = 0;
> >
> > - init_get_bits(&s->gb, buf, buf_size * 8);
> > + ret = init_get_bits(&s->gb, buf, buf_size * 8);
> > + if (ret < 0)
> > + return ret;
> >
> > ref = get_bits(&s->gb, 10); /* temporal ref */
> > s->pict_type = get_bits(&s->gb, 3);
> >
> Actually, you should use init_get_bits8(), because this checks that
> buf_size * 8 actually fits into an int.
>
Done. Sent new patch
> (Are sizes > 256MiB actually possible for mpeg1/2? I doubt it.)
>
it could happen if the file is broken and the demuxer does not check for
packet size
- Andreas
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
--
Thierry Foucu
More information about the ffmpeg-devel
mailing list