[FFmpeg-devel] [PATCH v1 1/1] return value check for init_get_bits in adts_decode_extradata
Andreas Rheinhardt
andreas.rheinhardt at outlook.com
Wed Aug 4 21:17:02 EEST 2021
Maryam Ebrahimzadeh:
> Ping.
>
>> On Aug 3, 2021, at 11:58 AM, maryam ebrahimzadeh <me22bee at outlook.com> wrote:
>>
>> As second argument for init_get_bits (buf) can be crafted, return value check for this function call is necessary.
>> 'buf' is part of 'AVPacket pkt'.
>>
>> ---
>> libavformat/adtsenc.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c
>> index ba15c0a724..b660618432 100644
>> --- a/libavformat/adtsenc.c
>> +++ b/libavformat/adtsenc.c
>> @@ -53,9 +53,11 @@ static int adts_decode_extradata(AVFormatContext *s, ADTSContext *adts, const ui
>> GetBitContext gb;
>> PutBitContext pb;
>> MPEG4AudioConfig m4ac;
>> - int off;
>> + int off, ret;
>>
>> - init_get_bits(&gb, buf, size * 8);
>> + ret = init_get_bits(&gb, buf, size * 8);
>> + if (ret < 0)
>> + return ret;
>> off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s);
>> if (off < 0)
>> return off;
This does not check against overflow; use init_get_bits8().
- Andreas
More information about the ffmpeg-devel
mailing list