From d47e14b53a3908e5bad82e22129bbd175b49e89b Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 21 Oct 2013 23:32:56 +0200
Subject: [PATCH] h263dec: use init_get_bits8() and check its return code

Fixes null pointer dereference

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/h263dec.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libavcodec/h263dec.c b/libavcodec/h263dec.c
index 4f544f4e09..1323ca6d83 100644
--- a/libavcodec/h263dec.c
+++ b/libavcodec/h263dec.c
@@ -407,10 +407,12 @@ retry:
     }
 
     if(s->bitstream_buffer_size && (s->divx_packed || buf_size<20)){ //divx 5.01+/xvid frame reorder
-        init_get_bits(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size*8);
+        ret = init_get_bits8(&s->gb, s->bitstream_buffer, s->bitstream_buffer_size);
     }else
-        init_get_bits(&s->gb, buf, buf_size*8);
+        ret = init_get_bits8(&s->gb, buf, buf_size);
     s->bitstream_buffer_size=0;
+    if (ret < 0)
+        return ret;
 
     if (!s->context_initialized) {
         if ((ret = ff_MPV_common_init(s)) < 0) //we need the idct permutaton for reading a custom matrix
@@ -435,8 +437,8 @@ retry:
         if(s->avctx->extradata_size && s->picture_number==0){
             GetBitContext gb;
 
-            init_get_bits(&gb, s->avctx->extradata, s->avctx->extradata_size*8);
-            ret = ff_mpeg4_decode_picture_header(s, &gb);
+            if (init_get_bits8(&gb, s->avctx->extradata, s->avctx->extradata_size) >= 0 )
+                ret = ff_mpeg4_decode_picture_header(s, &gb);
         }
         ret = ff_mpeg4_decode_picture_header(s, &s->gb);
     } else if (CONFIG_H263I_DECODER && s->codec_id == AV_CODEC_ID_H263I) {