Maryam Ebrahimzadeh: > Ping. > >> On Aug 3, 2021, at 11:58 AM, maryam ebrahimzadeh <[email protected]> wrote: >> >> As second argument for init_get_bits (buf) can be crafted, return value >> check for this function call is necessary. >> 'buf' is part of 'AVPacket pkt'. >> >> --- >> libavformat/adtsenc.c | 6 ++++-- >> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> diff --git a/libavformat/adtsenc.c b/libavformat/adtsenc.c >> index ba15c0a724..b660618432 100644 >> --- a/libavformat/adtsenc.c >> +++ b/libavformat/adtsenc.c >> @@ -53,9 +53,11 @@ static int adts_decode_extradata(AVFormatContext *s, >> ADTSContext *adts, const ui >> GetBitContext gb; >> PutBitContext pb; >> MPEG4AudioConfig m4ac; >> - int off; >> + int off, ret; >> >> - init_get_bits(&gb, buf, size * 8); >> + ret = init_get_bits(&gb, buf, size * 8); >> + if (ret < 0) >> + return ret; >> off = avpriv_mpeg4audio_get_config2(&m4ac, buf, size, 1, s); >> if (off < 0) >> return off;
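Review bot: the new ret < 0 check in adts_decode_extradata() does not cover the size * 8 argument, which is multiplied in the caller before init_get_bits() validates anything, so an oversized size can wrap and the check may never see the bad length. Pass the byte count instead, i.e. ret = init_get_bits8(&gb, buf, size); and keep the early return on its result. The commit message explains that buf can be crafted but says nothing about size, which is the value the bit-length calculation depends on; it would help to state where size is bounded.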
This does not check against overflow; use init_get_bits8(). - Andreas
