lavc: check for overflow in init_get_bits

Fix an undefined behaviour and make the function return a proper
error in case of overflow.

CC: libav-stable@libav.org

libavcodec/get_bits.h

@@ -362,20 +362,27 @@ static inline int check_marker(GetBitContext *s, const char *msg)
 }
 
 /**
- * Inititalize GetBitContext.
+ * Initialize GetBitContext.
- * @param buffer bitstream buffer, must be FF_INPUT_BUFFER_PADDING_SIZE bytes larger than the actual read bits
+ * @param buffer bitstream buffer, must be FF_INPUT_BUFFER_PADDING_SIZE bytes
- * because some optimized bitstream readers read 32 or 64 bit at once and could read over the end
+ *        larger than the actual read bits because some optimized bitstream
+ *        readers read 32 or 64 bit at once and could read over the end
  * @param bit_size the size of the buffer in bits
+ * @return 0 on success, AVERROR_INVALIDDATA if the buffer_size would overflow.
  */
-static inline void init_get_bits(GetBitContext *s, const uint8_t *buffer,
+static inline int init_get_bits(GetBitContext *s, const uint8_t *buffer,
                                 int bit_size)
 {
-    int buffer_size = (bit_size+7)>>3;
+    int buffer_size;
-    if (buffer_size < 0 || bit_size < 0) {
+    int ret = 0;
+
+    if (bit_size > INT_MAX - 7 || bit_size <= 0) {
         buffer_size = bit_size = 0;
         buffer = NULL;
+        ret = AVERROR_INVALIDDATA;
     }
 
+    buffer_size = (bit_size + 7) >> 3;
+
     s->buffer       = buffer;
     s->size_in_bits = bit_size;
 #if !UNCHECKED_BITSTREAM_READER
@@ -383,6 +390,7 @@ static inline void init_get_bits(GetBitContext *s, const uint8_t *buffer,
 #endif
     s->buffer_end   = buffer + buffer_size;
     s->index        = 0;
+    return ret;
 }
 
 static inline void align_get_bits(GetBitContext *s)