[FFmpeg-cvslog] avcodec/imm4: check cbphi for error

Michael Niedermayer git at videolan.org
Wed Jul 24 17:49:55 EEST 2024 

ffmpeg | branch: release/4.3 | Michael Niedermayer <michael at niedermayer.cc> | Fri Jul  5 02:21:49 2024 +0200| [1736bfa0885aa28aeffc8feb46fff14f8da99890] | committer: Michael Niedermayer

avcodec/imm4: check cbphi for error

Fixes: CID1604356 Overflowed constant
Fixes: CID1604573 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6e4c037833c3ca0e0bd3e348701c4c0dc58bed91)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1736bfa0885aa28aeffc8feb46fff14f8da99890
---

 libavcodec/imm4.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/libavcodec/imm4.c b/libavcodec/imm4.c
index d92bc30ddc..4b04f1342e 100644
--- a/libavcodec/imm4.c
+++ b/libavcodec/imm4.c
@@ -232,12 +232,15 @@ static int decode_intra(AVCodecContext *avctx, GetBitContext *gb, AVFrame *frame
 
     for (y = 0; y < avctx->height; y += 16) {
         for (x = 0; x < avctx->width; x += 16) {
-            unsigned flag, cbphi, cbplo;
+            unsigned flag, cbplo;
+            int cbphi;
 
             cbplo = get_vlc2(gb, cbplo_tab.table, cbplo_tab.bits, 1) >> 4;
             flag = get_bits1(gb);
 
             cbphi = get_cbphi(gb, 1);
+            if (cbphi < 0)
+                return cbphi;
 
             ret = decode_blocks(avctx, gb, cbplo | (cbphi << 2), 0, offset, flag);
             if (ret < 0)
@@ -285,7 +288,8 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb,
     for (y = 0; y < avctx->height; y += 16) {
         for (x = 0; x < avctx->width; x += 16) {
             int reverse, intra_block, value;
-            unsigned cbphi, cbplo, flag2 = 0;
+            unsigned cbplo, flag2 = 0;
+            int cbphi;
 
             if (get_bits1(gb)) {
                 copy_block16(frame->data[0] + y * frame->linesize[0] + x,
@@ -311,6 +315,9 @@ static int decode_inter(AVCodecContext *avctx, GetBitContext *gb,
 
             cbplo = value >> 4;
             cbphi = get_cbphi(gb, reverse);
+            if (cbphi < 0)
+                return cbphi;
+
             if (intra_block) {
                 ret = decode_blocks(avctx, gb, cbplo | (cbphi << 2), 0, offset, flag2);
                 if (ret < 0)

More information about the ffmpeg-cvslog mailing list