[FFmpeg-devel] [PATCH V2] lavc/midivid: FIX CID 1456088

Sun Dec 22 17:29:20 EET 2019

On 12/22/2019 12:26 PM, Zhong Li wrote:
> Signed-off-by: Zhong Li <zhongli_dev at 126.com>
> ---
>  libavcodec/midivid.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/midivid.c b/libavcodec/midivid.c
> index 38465c5..3dac3f1 100644
> --- a/libavcodec/midivid.c
> +++ b/libavcodec/midivid.c
> @@ -63,17 +63,20 @@ static int decode_mvdv(MidiVidContext *s, AVCodecContext *avctx, AVFrame *frame)
>      if (intra_flag) {
>          nb_blocks = (avctx->width / 2) * (avctx->height / 2);
>      } else {
> -        int skip_linesize;
> +        int ret, skip_linesize;
>  
>          nb_blocks = bytestream2_get_le32(gb);
>          skip_linesize = avctx->width >> 1;
>          mask_start = gb->buffer_start + bytestream2_tell(gb);
>          mask_size = (avctx->width >> 5) * (avctx->height >> 2);
>  
> -        if (bytestream2_get_bytes_left(gb) < mask_size)
> +        ret = bytestream2_get_bytes_left(gb);
> +        if (ret < mask_size)

What is this fixing?

>              return AVERROR_INVALIDDATA;
>  
> -        init_get_bits8(&mask, mask_start, mask_size);
> +        ret = init_get_bits8(&mask, mask_start, mask_size);
> +        if (ret < 0)
> +            return AVERROR_INVALIDDATA;
>          bytestream2_skip(gb, mask_size);
>          skip = s->skip;
>  
> 