[FFmpeg-cvslog] svq3: fix the slice size check
Anton Khirnov
git at videolan.org
Wed Oct 4 02:30:13 EEST 2017
ffmpeg | branch: master | Anton Khirnov <anton at khirnov.net> | Wed Feb 1 11:50:38 2017 +0100| [b2788fe9347c02b1355574f3d28d60bfe1250ea7] | committer: Anton Khirnov
svq3: fix the slice size check
Currently it incorrectly compares bits with bytes.
Also, move the check right before where it's relevant, so that the
correct number of remaining bits is used.
CC: libav-stable at libav.org
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b2788fe9347c02b1355574f3d28d60bfe1250ea7
---
libavcodec/svq3.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index 20c8f89e76..667d3906a1 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1031,17 +1031,16 @@ static int svq3_decode_slice_header(AVCodecContext *avctx)
slice_bits = slice_length * 8;
slice_bytes = slice_length + length - 1;
- if (slice_bytes > bitstream_bits_left(&s->bc)) {
- av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
- return -1;
- }
-
bitstream_skip(&s->bc, 8);
av_fast_malloc(&s->slice_buf, &s->slice_size, slice_bytes + AV_INPUT_BUFFER_PADDING_SIZE);
if (!s->slice_buf)
return AVERROR(ENOMEM);
+ if (slice_bytes * 8 > bitstream_bits_left(&s->bc)) {
+ av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
+ return AVERROR_INVALIDDATA;
+ }
memcpy(s->slice_buf, s->bc.buffer + bitstream_tell(&s->bc) / 8, slice_bytes);
if (s->watermark_key) {
More information about the ffmpeg-cvslog
mailing list