return AVERROR_INVALIDDATA;
}
if(!get_bits1(gb)){ //Leaf
- if(hc->current >= 256){
+ if(hc->current >= hc->length){
av_log(NULL, AV_LOG_ERROR, "Tree size exceeded!\n");
return AVERROR_INVALIDDATA;
}
if(get_bits1(gb)) {
res = smacker_decode_tree(gb, &tmp1, 0, 0);
- if (res < 0)
- return res;
+ if (res < 0) {
+ err = res;
+ goto error;
+ }
skip_bits1(gb);
if(tmp1.current > 1) {
res = init_vlc(&vlc[0], SMKTREE_BITS, tmp1.length,
}
if(get_bits1(gb)){
res = smacker_decode_tree(gb, &tmp2, 0, 0);
- if (res < 0)
- return res;
+ if (res < 0) {
+ err = res;
+ goto error;
+ }
skip_bits1(gb);
if(tmp2.current > 1) {
res = init_vlc(&vlc[1], SMKTREE_BITS, tmp2.length,
if(ctx.last[0] == -1) ctx.last[0] = huff.current++;
if(ctx.last[1] == -1) ctx.last[1] = huff.current++;
if(ctx.last[2] == -1) ctx.last[2] = huff.current++;
- if(huff.current > huff.length){
- ctx.last[0] = ctx.last[1] = ctx.last[2] = 1;
- av_log(smk->avctx, AV_LOG_ERROR, "bigtree damaged\n");
- return AVERROR_INVALIDDATA;
- }
if (ctx.last[0] >= huff.length ||
ctx.last[1] >= huff.length ||
ctx.last[2] >= huff.length) {
full_size = AV_RL32(smk->avctx->extradata + 8);
type_size = AV_RL32(smk->avctx->extradata + 12);
- init_get_bits(&gb, smk->avctx->extradata + 16, (smk->avctx->extradata_size - 16) * 8);
+ init_get_bits8(&gb, smk->avctx->extradata + 16, smk->avctx->extradata_size - 16);
if(!get_bits1(&gb)) {
av_log(smk->avctx, AV_LOG_INFO, "Skipping MMAP tree\n");
last_reset(smk->mclr_tbl, smk->mclr_last);
last_reset(smk->full_tbl, smk->full_last);
last_reset(smk->type_tbl, smk->type_last);
- init_get_bits(&gb, avpkt->data + 769, (avpkt->size - 769) * 8);
+ if ((ret = init_get_bits8(&gb, avpkt->data + 769, avpkt->size - 769)) < 0)
+ return ret;
blk = 0;
bw = avctx->width >> 2;
return AVERROR_INVALIDDATA;
}
- init_get_bits(&gb, buf + 4, (buf_size - 4) * 8);
+ if ((ret = init_get_bits8(&gb, buf + 4, buf_size - 4)) < 0)
+ return ret;
if(!get_bits1(&gb)){
av_log(avctx, AV_LOG_INFO, "Sound: no data\n");
projects / ffmpeg / blobdiff