key is initialized

Marton Balint Wed, 23 Jul 2025 15:54:09 -0700


On Wed, 23 Jul 2025, Tomas Härdin wrote:

ons 2025-07-23 klockan 13:45 +0200 skrev Michael Niedermayer:

Fixes: read of uninitialized memory
Fixes: 391916474/clusterfuzz-testcase-minimized-
ffmpeg_dem_MXF_fuzzer-4935250956845056

Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>
---
 libavformat/mxfdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 0eed13d850d..184e97256cd 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -491,7 +491,9 @@ static int klv_read_packet(MXFContext *mxf,
KLVPacket *klv, AVIOContext *pb)
         return AVERROR_INVALIDDATA;
 
     memcpy(klv->key, mxf_klv_key, 4);
-    avio_read(pb, klv->key + 4, 12);
+    int ret = ffio_read_size(pb, klv->key + 4, 12);
+    if (ret < 0)
+        return ret;


ret != 12 is better. If it's non-negative then return AVERROR_EOF


ffio_read_size always returns the requested size or negative.

Also AVERROR_EOF would be a valid file ending, but a truncated readclearly means AVERROR_INVALIDDATA, and that is exactly whatffio_read_size() returns on a short read. So the patch is correct as isIMHO.


Regards,
Marton
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 3/4] avformat/mxfdec: Ensure klv->key is initialized

Reply via email to