[FFmpeg-cvslog] avformat/dxa: check avio_read() return
Michael Niedermayer
git at videolan.org
Thu Dec 19 18:52:59 CET 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Dec 19 17:14:59 2013 +0100| [ae09db1023083cbc99009c9f16e83e159d0ea040] | committer: Michael Niedermayer
avformat/dxa: check avio_read() return
Fixes use of uninitialized memory
Fixes msan_uninit-mem_7fd4d4323ddd_2453_MUSOSP1.dxa
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ae09db1023083cbc99009c9f16e83e159d0ea040
---
libavformat/dxa.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/libavformat/dxa.c b/libavformat/dxa.c
index 22ee2a9..5b2d7c0 100644
--- a/libavformat/dxa.c
+++ b/libavformat/dxa.c
@@ -169,7 +169,10 @@ static int dxa_read_packet(AVFormatContext *s, AVPacket *pkt)
}
avio_seek(s->pb, c->vidpos, SEEK_SET);
while(!url_feof(s->pb) && c->frames){
- avio_read(s->pb, buf, 4);
+ if ((ret = avio_read(s->pb, buf, 4)) != 4) {
+ av_log(s, AV_LOG_ERROR, "failed reading chunk type\n");
+ return ret < 0 ? ret : AVERROR_INVALIDDATA;
+ }
switch(AV_RL32(buf)){
case MKTAG('N', 'U', 'L', 'L'):
if(av_new_packet(pkt, 4 + pal_size) < 0)
@@ -187,7 +190,10 @@ static int dxa_read_packet(AVFormatContext *s, AVPacket *pkt)
avio_read(s->pb, pal + 4, 768);
break;
case MKTAG('F', 'R', 'A', 'M'):
- avio_read(s->pb, buf + 4, DXA_EXTRA_SIZE - 4);
+ if ((ret = avio_read(s->pb, buf + 4, DXA_EXTRA_SIZE - 4)) != DXA_EXTRA_SIZE - 4) {
+ av_log(s, AV_LOG_ERROR, "failed reading dxa_extra\n");
+ return ret < 0 ? ret : AVERROR_INVALIDDATA;
+ }
size = AV_RB32(buf + 5);
if(size > 0xFFFFFF){
av_log(s, AV_LOG_ERROR, "Frame size is too big: %d\n", size);
More information about the ffmpeg-cvslog
mailing list