On Wed, Feb 1, 2017 at 11:52 AM, Anton Khirnov <an...@khirnov.net> wrote: > Currently it incorrectly compares bits with bytes. > > Also, move the check right before where it's relevant, so that the > correct number of remaining bits is used. > > CC: libav-sta...@libav.org > --- > libavcodec/svq3.c | 9 ++++----- > 1 file changed, 4 insertions(+), 5 deletions(-) > > diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c > index 8bbd331..f8143a2 100644 > --- a/libavcodec/svq3.c > +++ b/libavcodec/svq3.c > @@ -1030,17 +1030,16 @@ static int svq3_decode_slice_header(AVCodecContext > *avctx) > slice_bits = slice_length * 8; > slice_bytes = slice_length + length - 1; > > - if (slice_bytes > get_bits_left(&s->gb)) { > - av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n"); > - return -1; > - } > - > skip_bits(&s->gb, 8); > > av_fast_malloc(&s->slice_buf, &s->slice_size, slice_bytes + > AV_INPUT_BUFFER_PADDING_SIZE); > if (!s->slice_buf) > return AVERROR(ENOMEM); > > + if (slice_bytes * 8 > get_bits_left(&s->gb)) { > + av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n"); > + return -1; > + } > memcpy(s->slice_buf, s->gb.buffer + s->gb.index / 8, slice_bytes); > > init_get_bits(&s->gb_slice, s->slice_buf, slice_bits); > --
ok, can you also change the returned error to AVERROR_INVALIDDATA? -- Vittorio _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel