Several checks (e.g. when the size of the input packet is too small) simply used "goto fail", but didn't set the return value appropriately for an error.
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com>
---
 libavcodec/truehd_core_bsf.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/libavcodec/truehd_core_bsf.c b/libavcodec/truehd_core_bsf.c
index 83f2b16e3d..f858c2d4d5 100644
--- a/libavcodec/truehd_core_bsf.c
+++ b/libavcodec/truehd_core_bsf.c
@@ -53,8 +53,10 @@ static int truehd_core_filter(AVBSFContext *ctx, AVPacket *out)
 if (ret < 0)
 return ret;
- if (in->size < 4)
+ if (in->size < 4) {
+ ret = AVERROR_INVALIDDATA;
 goto fail;
+ }
 ret = init_get_bits(&gbc, in->data, 32);
 if (ret < 0)
@@ -62,8 +64,10 @@ static int truehd_core_filter(AVBSFContext *ctx, AVPacket *out)
 skip_bits(&gbc, 4);
 in_size = get_bits(&gbc, 12) * 2;
- if (in_size < 4 || in_size > in->size)
+ if (in_size < 4 || in_size > in->size) {
+ ret = AVERROR_INVALIDDATA;
 goto fail;
+ }
 out_size = in_size;
 dts = get_bits(&gbc, 16);
@@ -73,13 +77,15 @@ static int truehd_core_filter(AVBSFContext *ctx, AVPacket *out)
 goto fail;
 if (show_bits_long(&gbc, 32) == 0xf8726fba) {
- if ((ret = ff_mlp_read_major_sync(ctx, &s->hdr, &gbc)) != 0)
+ if ((ret = ff_mlp_read_major_sync(ctx, &s->hdr, &gbc)) < 0)
 goto fail;
 have_header = 1;
 }
- if (s->hdr.num_substreams > MAX_SUBSTREAMS)
+ if (s->hdr.num_substreams > MAX_SUBSTREAMS) {
+ ret = AVERROR_INVALIDDATA;
 goto fail;
+ }
 for (i = 0; i < s->hdr.num_substreams; i++) {
 for (int j = 0; j < 4; j++)
--
2.21.0
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
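Review bot: The three new `ret = AVERROR_INVALIDDATA; goto fail;` paths reject the packet without a log line, so someone triaging a truncated or malformed stream cannot tell which check fired. This applies to the `in->size < 4` test in the first hunk, the `in_size` range test in the second and the `num_substreams > MAX_SUBSTREAMS` test in the third. Consider a message ahead of each, for the first one e.g. `av_log(ctx, AV_LOG_ERROR, "Packet too small (%d bytes)\n", in->size);`. truehd_core_filter starts and ends outside these hunks, so any remaining `goto fail` that does not assign `ret` first should be checked the same way.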
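Review bot: With the test in the third hunk relaxed from `!= 0` to `< 0`, a positive return from `ff_mlp_read_major_sync` now falls through to `have_header = 1` and stays in `ret`. The helper's contract is not visible in this patch, so confirm that it only ever returns 0 or a negative AVERROR. A short comment on that line, such as `/* negative AVERROR on failure, 0 on success */`, would record the assumption. The `num_substreams > MAX_SUBSTREAMS` check is what bounds the `for` loop that follows, so it should stay directly ahead of that loop.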