Skip to content
Permalink
Browse files Browse the repository at this point in the history
avcodec/dnxhddec: check and propagate function return value
Similar to CVE-2013-0868, here return value check for 'init_vlc' is needed.
crafted DNxHD data can cause unspecified impact.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: James Almer <jamrial@gmail.com>
  • Loading branch information
maryam ebr authored and jamrial committed Aug 3, 2021
1 parent c8b1f2b commit 7150f95
Showing 1 changed file with 15 additions and 7 deletions.
22 changes: 15 additions & 7 deletions libavcodec/dnxhddec.c
Expand Up @@ -112,6 +112,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx)

static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
{
int ret;
if (cid != ctx->cid) {
const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid);

Expand All @@ -132,19 +133,26 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth)
ff_free_vlc(&ctx->dc_vlc);
ff_free_vlc(&ctx->run_vlc);

init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257,
ctx->cid_table->ac_bits, 1, 1,
ctx->cid_table->ac_codes, 2, 2, 0);
init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
ctx->cid_table->ac_codes, 2, 2, 0)) < 0)
goto out;
if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12,
ctx->cid_table->dc_bits, 1, 1,
ctx->cid_table->dc_codes, 1, 1, 0);
init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
ctx->cid_table->dc_codes, 1, 1, 0)) < 0)
goto out;
if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62,
ctx->cid_table->run_bits, 1, 1,
ctx->cid_table->run_codes, 2, 2, 0);
ctx->cid_table->run_codes, 2, 2, 0)) < 0)
goto out;

ctx->cid = cid;
}
return 0;
ret = 0;
out:
if (ret < 0)
av_log(ctx->avctx, AV_LOG_ERROR, "init_vlc failed\n");
return ret;
}

static int dnxhd_get_profile(int cid)
Expand Down

1 comment on commit 7150f95

@meweez
Copy link
Contributor

@meweez meweez commented on 7150f95 Aug 5, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CVE-2021-38114 reserved.

Please sign in to comment.