subject:"\[libav\-devel\] \[PATCH\] svq3\: fix the slice size check"

Re: [libav-devel] [PATCH] svq3: fix the slice size check

2017-02-14 Thread Luca Barbato

On 14/02/2017 21:02, Anton Khirnov wrote:
> Currently it incorrectly compares bits with bytes.
> 
> Also, move the check right before where it's relevant, so that the
> correct number of remaining bits is used.
> 
> CC: libav-sta...@libav.org
> ---
>  libavcodec/svq3.c | 9 -
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
> index 20c8f89..667d390 100644
> --- a/libavcodec/svq3.c
> +++ b/libavcodec/svq3.c
> @@ -1031,17 +1031,16 @@ static int svq3_decode_slice_header(AVCodecContext 
> *avctx)
>  slice_bits   = slice_length * 8;
>  slice_bytes  = slice_length + length - 1;
>  
> -if (slice_bytes > bitstream_bits_left(>bc)) {
> -av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
> -return -1;
> -}
> -
>  bitstream_skip(>bc, 8);
>  
>  av_fast_malloc(>slice_buf, >slice_size, slice_bytes + 
> AV_INPUT_BUFFER_PADDING_SIZE);
>  if (!s->slice_buf)
>  return AVERROR(ENOMEM);
>  
> +if (slice_bytes * 8 > bitstream_bits_left(>bc)) {
> +av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
> +return AVERROR_INVALIDDATA;
> +}

I'd keep it before the fast malloc though.

lu
___
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel

[libav-devel] [PATCH] svq3: fix the slice size check

2017-02-14 Thread Anton Khirnov

Currently it incorrectly compares bits with bytes.

Also, move the check right before where it's relevant, so that the
correct number of remaining bits is used.

CC: libav-sta...@libav.org
---
 libavcodec/svq3.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index 20c8f89..667d390 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1031,17 +1031,16 @@ static int svq3_decode_slice_header(AVCodecContext 
*avctx)
 slice_bits   = slice_length * 8;
 slice_bytes  = slice_length + length - 1;
 
-if (slice_bytes > bitstream_bits_left(>bc)) {
-av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
-return -1;
-}
-
 bitstream_skip(>bc, 8);
 
 av_fast_malloc(>slice_buf, >slice_size, slice_bytes + 
AV_INPUT_BUFFER_PADDING_SIZE);
 if (!s->slice_buf)
 return AVERROR(ENOMEM);
 
+if (slice_bytes * 8 > bitstream_bits_left(>bc)) {
+av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
+return AVERROR_INVALIDDATA;
+}
 memcpy(s->slice_buf, s->bc.buffer + bitstream_tell(>bc) / 8, 
slice_bytes);
 
 if (s->watermark_key) {
-- 
2.0.0

___
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel

Re: [libav-devel] [PATCH] svq3: fix the slice size check

2017-02-01 Thread Vittorio Giovara

On Wed, Feb 1, 2017 at 11:52 AM, Anton Khirnov  wrote:
> Currently it incorrectly compares bits with bytes.
>
> Also, move the check right before where it's relevant, so that the
> correct number of remaining bits is used.
>
> CC: libav-sta...@libav.org
> ---
>  libavcodec/svq3.c | 9 -
>  1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
> index 8bbd331..f8143a2 100644
> --- a/libavcodec/svq3.c
> +++ b/libavcodec/svq3.c
> @@ -1030,17 +1030,16 @@ static int svq3_decode_slice_header(AVCodecContext 
> *avctx)
>  slice_bits   = slice_length * 8;
>  slice_bytes  = slice_length + length - 1;
>
> -if (slice_bytes > get_bits_left(>gb)) {
> -av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
> -return -1;
> -}
> -
>  skip_bits(>gb, 8);
>
>  av_fast_malloc(>slice_buf, >slice_size, slice_bytes + 
> AV_INPUT_BUFFER_PADDING_SIZE);
>  if (!s->slice_buf)
>  return AVERROR(ENOMEM);
>
> +if (slice_bytes * 8 > get_bits_left(>gb)) {
> +av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
> +return -1;
> +}
>  memcpy(s->slice_buf, s->gb.buffer + s->gb.index / 8, slice_bytes);
>
>  init_get_bits(>gb_slice, s->slice_buf, slice_bits);
> --

ok, can you also change the returned error to AVERROR_INVALIDDATA?
-- 
Vittorio
___
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel

[libav-devel] [PATCH] svq3: fix the slice size check

2017-02-01 Thread Anton Khirnov

Currently it incorrectly compares bits with bytes.

Also, move the check right before where it's relevant, so that the
correct number of remaining bits is used.

CC: libav-sta...@libav.org
---
 libavcodec/svq3.c | 9 -
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/libavcodec/svq3.c b/libavcodec/svq3.c
index 8bbd331..f8143a2 100644
--- a/libavcodec/svq3.c
+++ b/libavcodec/svq3.c
@@ -1030,17 +1030,16 @@ static int svq3_decode_slice_header(AVCodecContext 
*avctx)
 slice_bits   = slice_length * 8;
 slice_bytes  = slice_length + length - 1;
 
-if (slice_bytes > get_bits_left(>gb)) {
-av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
-return -1;
-}
-
 skip_bits(>gb, 8);
 
 av_fast_malloc(>slice_buf, >slice_size, slice_bytes + 
AV_INPUT_BUFFER_PADDING_SIZE);
 if (!s->slice_buf)
 return AVERROR(ENOMEM);
 
+if (slice_bytes * 8 > get_bits_left(>gb)) {
+av_log(avctx, AV_LOG_ERROR, "slice after bitstream end\n");
+return -1;
+}
 memcpy(s->slice_buf, s->gb.buffer + s->gb.index / 8, slice_bytes);
 
 init_get_bits(>gb_slice, s->slice_buf, slice_bits);
-- 
2.0.0

___
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel

Re: [libav-devel] [PATCH] svq3: fix the slice size check

[libav-devel] [PATCH] svq3: fix the slice size check

Re: [libav-devel] [PATCH] svq3: fix the slice size check

[libav-devel] [PATCH] svq3: fix the slice size check

4 matches

Site Navigation

Mail list logo

Footer information