avcodec/cabac: Check initial cabac decoder state

Fixes integer overflows Fixes: 1430e9c43fae47a24c179c7c54f94918/signal_sigsegv_421427_2340_591e9810c7b09efe501ad84638c9e9f8.264 Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Found-by: xiedingbao (Ticket4727) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2015-11-27 13:37:50 +01:00
parent a1f6b05f52
commit 8000d484b8
5 changed files with 14 additions and 5 deletions
--- a/libavcodec/h264_slice.c
+++ b/libavcodec/h264_slice.c
@@ -2372,9 +2372,11 @@ static int decode_slice(struct AVCodecContext *avctx, void *arg)
        align_get_bits(&sl->gb);

        /* init cabac */
-        ff_init_cabac_decoder(&sl->cabac,
+        ret = ff_init_cabac_decoder(&sl->cabac,
                              sl->gb.buffer + get_bits_count(&sl->gb) / 8,
                              (get_bits_left(&sl->gb) + 7) / 8);
+        if (ret < 0)
+            return ret;

        ff_h264_init_cabac_states(h, sl);