ac3_parser: Check init_get_bits8() for failure

Michael Niedermayer Wed, 27 Jun 2018 11:13:03 -0700

Fixes: null pointer dereference
Fixes: ffmpeg_crash_6.avi

Found-by: Thuan Pham, Marcel Böhme, Andrew Santosa and Alexandru Razvan 
Caciulescu with AFLSmart
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavcodec/ac3_parser.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)


diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c
index f4618bf215..1e203ae6ac 100644
--- a/libavcodec/ac3_parser.c
+++ b/libavcodec/ac3_parser.c
@@ -162,7 +162,9 @@ int avpriv_ac3_parse_header(AC3HeaderInfo **phdr, const 
uint8_t *buf,
         return AVERROR(ENOMEM);
     hdr = *phdr;
 
-    init_get_bits8(&gb, buf, size);
+    err = init_get_bits8(&gb, buf, size);
+    if (err < 0)
+        return AVERROR_INVALIDDATA;
     err = ff_ac3_parse_header(&gb, hdr);
     if (err < 0)
         return AVERROR_INVALIDDATA;
-- 
2.18.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH 5/8] avcodec/ac3_parser: Check init_get_bits8() for failure

Reply via email to