[FFmpeg-cvslog] avformat/iss: check sscanf() return code
Michael Niedermayer
git at videolan.org
Mon Dec 23 16:37:17 CET 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Dec 23 00:17:52 2013 +0100| [5c3079aaa94ba8140fc727b5533b75b5b337b2bb] | committer: Michael Niedermayer
avformat/iss: check sscanf() return code
Fixes use of uninitialized data
Fixes: msan_uninit-mem_7f883205ce82_15_0001010100.iss
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=5c3079aaa94ba8140fc727b5533b75b5b337b2bb
---
libavformat/iss.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/libavformat/iss.c b/libavformat/iss.c
index e4335b4..e994531 100644
--- a/libavformat/iss.c
+++ b/libavformat/iss.c
@@ -76,14 +76,23 @@ static av_cold int iss_read_header(AVFormatContext *s)
get_token(pb, token, sizeof(token)); //"IMA_ADPCM_Sound"
get_token(pb, token, sizeof(token)); //packet size
- sscanf(token, "%d", &iss->packet_size);
+ if (sscanf(token, "%d", &iss->packet_size) != 1) {
+ av_log(s, AV_LOG_ERROR, "Failed parsing packet size\n");
+ return AVERROR_INVALIDDATA;
+ }
get_token(pb, token, sizeof(token)); //File ID
get_token(pb, token, sizeof(token)); //out size
get_token(pb, token, sizeof(token)); //stereo
- sscanf(token, "%d", &stereo);
+ if (sscanf(token, "%d", &stereo) != 1) {
+ av_log(s, AV_LOG_ERROR, "Failed parsing stereo flag\n");
+ return AVERROR_INVALIDDATA;
+ }
get_token(pb, token, sizeof(token)); //Unknown1
get_token(pb, token, sizeof(token)); //RateDivisor
- sscanf(token, "%d", &rate_divisor);
+ if (sscanf(token, "%d", &rate_divisor) != 1) {
+ av_log(s, AV_LOG_ERROR, "Failed parsing rate_divisor\n");
+ return AVERROR_INVALIDDATA;
+ }
get_token(pb, token, sizeof(token)); //Unknown2
get_token(pb, token, sizeof(token)); //Version ID
get_token(pb, token, sizeof(token)); //Size
More information about the ffmpeg-cvslog
mailing list