From c466eb174699bd912b9cf601e5b1a5da87e83a33 Mon Sep 17 00:00:00 2001 From: Janne Grunau Date: Wed, 10 Oct 2012 19:47:05 +0200 Subject: flashsv: propagate inflateReset() errors Fixes CID717493. --- libavcodec/flashsv.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) (limited to 'libavcodec/flashsv.c') diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c index 1f21c8bd29..6052ecdf82 100644 --- a/libavcodec/flashsv.c +++ b/libavcodec/flashsv.c @@ -121,10 +121,11 @@ static av_cold int flashsv_decode_init(AVCodecContext *avctx) } -static void flashsv2_prime(FlashSVContext *s, uint8_t *src, - int size, int unp_size) +static int flashsv2_prime(FlashSVContext *s, uint8_t *src, + int size, int unp_size) { z_stream zs; + int zret; // Zlib return code zs.zalloc = NULL; zs.zfree = NULL; @@ -144,13 +145,18 @@ static void flashsv2_prime(FlashSVContext *s, uint8_t *src, deflate(&zs, Z_SYNC_FLUSH); deflateEnd(&zs); - inflateReset(&s->zstream); + if ((zret = inflateReset(&s->zstream)) != Z_OK) { + av_log(s->avctx, AV_LOG_ERROR, "Inflate reset error: %d\n", zret); + return AVERROR_UNKNOWN; + } s->zstream.next_in = s->deflate_block; s->zstream.avail_in = s->deflate_block_size - zs.avail_out; s->zstream.next_out = s->tmpblock; s->zstream.avail_out = s->block_size * 3; inflate(&s->zstream, Z_SYNC_FLUSH); + + return 0; } static int flashsv_decode_block(AVCodecContext *avctx, AVPacket *avpkt, @@ -163,11 +169,14 @@ static int flashsv_decode_block(AVCodecContext *avctx, AVPacket *avpkt, int k; int ret = inflateReset(&s->zstream); if (ret != Z_OK) { - //return -1; + av_log(avctx, AV_LOG_ERROR, "Inflate reset error: %d\n", ret); + return AVERROR_UNKNOWN; } if (s->zlibprime_curr || s->zlibprime_prev) { - flashsv2_prime(s, s->blocks[blk_idx].pos, s->blocks[blk_idx].size, + ret = flashsv2_prime(s, s->blocks[blk_idx].pos, s->blocks[blk_idx].size, s->blocks[blk_idx].unp_size); + if (ret < 0) + return ret; } s->zstream.next_in = avpkt->data + get_bits_count(gb) / 8; s->zstream.avail_in = block_size; -- cgit v1.2.3