Commit d47e14b5 authored by Michael Niedermayer's avatar Michael Niedermayer

h263dec: use init_get_bits8() and check its return code

Fixes null pointer dereference
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 7e3e6536
...@@ -407,10 +407,12 @@ retry: ...@@ -407,10 +407,12 @@ retry:
} }
if(s->bitstream_buffer_size && (s->divx_packed || buf_size<20)){ //divx 5.01+/xvid frame reorder if(s->bitstream_buffer_size && (s->divx_packed || buf_size<20)){ //divx 5.01+/xvid frame reorder
init_get_bits(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size*8); ret = init_get_bits8(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size);
}else }else
init_get_bits(&s->gb, buf, buf_size*8); ret = init_get_bits8(&s->gb, buf, buf_size);
s->bitstream_buffer_size=0; s->bitstream_buffer_size=0;
if (ret < 0)
return ret;
if (!s->context_initialized) { if (!s->context_initialized) {
if ((ret = ff_MPV_common_init(s)) < 0) //we need the idct permutaton for reading a custom matrix if ((ret = ff_MPV_common_init(s)) < 0) //we need the idct permutaton for reading a custom matrix
...@@ -435,8 +437,8 @@ retry: ...@@ -435,8 +437,8 @@ retry:
if(s->avctx->extradata_size && s->picture_number==0){ if(s->avctx->extradata_size && s->picture_number==0){
GetBitContext gb; GetBitContext gb;
init_get_bits(&gb, s->avctx->extradata, s->avctx->extradata_size*8); if (init_get_bits8(&gb, s->avctx->extradata, s->avctx->extradata_size) >= 0 )
ret = ff_mpeg4_decode_picture_header(s, &gb); ret = ff_mpeg4_decode_picture_header(s, &gb);
} }
ret = ff_mpeg4_decode_picture_header(s, &s->gb); ret = ff_mpeg4_decode_picture_header(s, &s->gb);
} else if (CONFIG_H263I_DECODER && s->codec_id == AV_CODEC_ID_H263I) { } else if (CONFIG_H263I_DECODER && s->codec_id == AV_CODEC_ID_H263I) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment