h263dec: use init_get_bits8() and check its return code
authorMichael Niedermayer <michaelni@gmx.at>
Mon, 21 Oct 2013 21:32:56 +0000 (23:32 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Mon, 21 Oct 2013 21:37:49 +0000 (23:37 +0200)
Fixes null pointer dereference

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/h263dec.c

index 4f544f4..1323ca6 100644 (file)
@@ -407,10 +407,12 @@ retry:
     }
 
     if(s->bitstream_buffer_size && (s->divx_packed || buf_size<20)){ //divx 5.01+/xvid frame reorder
-        init_get_bits(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size*8);
+        ret = init_get_bits8(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size);
     }else
-        init_get_bits(&s->gb, buf, buf_size*8);
+        ret = init_get_bits8(&s->gb, buf, buf_size);
     s->bitstream_buffer_size=0;
+    if (ret < 0)
+        return ret;
 
     if (!s->context_initialized) {
         if ((ret = ff_MPV_common_init(s)) < 0) //we need the idct permutaton for reading a custom matrix
@@ -435,8 +437,8 @@ retry:
         if(s->avctx->extradata_size && s->picture_number==0){
             GetBitContext gb;
 
-            init_get_bits(&gb, s->avctx->extradata, s->avctx->extradata_size*8);
-            ret = ff_mpeg4_decode_picture_header(s, &gb);
+            if (init_get_bits8(&gb, s->avctx->extradata, s->avctx->extradata_size) >= 0 )
+                ret = ff_mpeg4_decode_picture_header(s, &gb);
         }
         ret = ff_mpeg4_decode_picture_header(s, &s->gb);
     } else if (CONFIG_H263I_DECODER && s->codec_id == AV_CODEC_ID_H263I) {