On Wed, Feb 1, 2017 at 11:52 AM, Anton Khirnov <an...@khirnov.net> wrote:
> Currently it incorrectly compares bits with bytes.
>
> Also, move the check right before where it's relevant, so that the
> correct number of remaining bits is used.
>
> CC: libav-sta...@libav.org
> ---
> libavcodec/svq3.c | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
> index 8bbd331..f8143a2 100644
> --- a/libavcodec/svq3.c
> +++ b/libavcodec/svq3.c
> @@ -1030,17 +1030,16 @@ static int svq3_decode_slice_header(AVCodecContext
> *avctx)
> slice_bits = slice_length * 8;
> slice_bytes = slice_length + length - 1;
>
> - if (slice_bytes > get_bits_left(&s->gb)) {
> - av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
> - return -1;
> - }
> -
> skip_bits(&s->gb, 8);
>
> av_fast_malloc(&s->slice_buf, &s->slice_size, slice_bytes +
> AV_INPUT_BUFFER_PADDING_SIZE);
> if (!s->slice_buf)
> return AVERROR(ENOMEM);
>
> + if (slice_bytes * 8 > get_bits_left(&s->gb)) {
> + av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
> + return -1;
> + }
> memcpy(s->slice_buf, s->gb.buffer + s->gb.index / 8, slice_bytes);
>
> init_get_bits(&s->gb_slice, s->slice_buf, slice_bits);
> --
ok, can you also change the returned error to AVERROR_INVALIDDATA?
--
Vittorio
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
