ffmpeg | branch: release/2.6 | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> | Tue May 12 23:49:45 2015 +0200| [ac8339928111314c520d9aa05816dc451d2f8d50] | committer: Andreas Cadhalpun
cafdec: check avio_read return value If avio_read fails, the buffer can contain uninitialized values. Reviewed-by: Carl Eugen Hoyos <ceho...@ag.or.at> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> (cherry picked from commit a3ede6b742f37d511253ab4c2fd98c13203f1cd3) Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ac8339928111314c520d9aa05816dc451d2f8d50 --- libavformat/cafdec.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c index e31c0a5..abbb353 100644 --- a/libavformat/cafdec.c +++ b/libavformat/cafdec.c @@ -129,7 +129,10 @@ static int read_kuki_chunk(AVFormatContext *s, int64_t size) avio_skip(pb, size); return AVERROR_INVALIDDATA; } - avio_read(pb, preamble, ALAC_PREAMBLE); + if (avio_read(pb, preamble, ALAC_PREAMBLE) != ALAC_PREAMBLE) { + av_log(s, AV_LOG_ERROR, "failed to read preamble\n"); + return AVERROR_INVALIDDATA; + } if (ff_alloc_extradata(st->codec, ALAC_HEADER)) return AVERROR(ENOMEM); @@ -144,14 +147,22 @@ static int read_kuki_chunk(AVFormatContext *s, int64_t size) av_freep(&st->codec->extradata); return AVERROR_INVALIDDATA; } - avio_read(pb, st->codec->extradata, ALAC_HEADER); + if (avio_read(pb, st->codec->extradata, ALAC_HEADER) != ALAC_HEADER) { + av_log(s, AV_LOG_ERROR, "failed to read kuki header\n"); + av_freep(&st->codec->extradata); + return AVERROR_INVALIDDATA; + } avio_skip(pb, size - ALAC_PREAMBLE - ALAC_HEADER); } else { AV_WB32(st->codec->extradata, 36); memcpy(&st->codec->extradata[4], "alac", 4); AV_WB32(&st->codec->extradata[8], 0); memcpy(&st->codec->extradata[12], preamble, 12); - avio_read(pb, &st->codec->extradata[24], ALAC_NEW_KUKI - 12); + if (avio_read(pb, &st->codec->extradata[24], ALAC_NEW_KUKI - 12) != ALAC_NEW_KUKI - 12) { + av_log(s, AV_LOG_ERROR, "failed to read new kuki header\n"); + av_freep(&st->codec->extradata); + return AVERROR_INVALIDDATA; + } avio_skip(pb, size - ALAC_NEW_KUKI); } } else { _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog