[FFmpeg-cvslog] icodec: correctly check avio_read return value
Andreas Cadhalpun
git at videolan.org
Sun Nov 27 01:30:11 EET 2016
ffmpeg | branch: release/3.1 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Tue Nov 8 23:29:28 2016 +0100| [c35a140e71710d815bab9581e928b42177feaf7e] | committer: Andreas Cadhalpun
icodec: correctly check avio_read return value
It can read less than the requested amount, in which case buf contains
uninitialized data, causing problems like segmentation faults later on.
Also make sure that image->size is positive, so that it can't match a
negative error code.
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit 89eb398c7fc4cb9a15e55bdf2ab6435b5332e377)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c35a140e71710d815bab9581e928b42177feaf7e
---
libavformat/icodec.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavformat/icodec.c b/libavformat/icodec.c
index a0e126a..f33fa11 100644
--- a/libavformat/icodec.c
+++ b/libavformat/icodec.c
@@ -109,6 +109,10 @@ static int read_header(AVFormatContext *s)
avio_skip(pb, 5);
ico->images[i].size = avio_rl32(pb);
+ if (ico->images[i].size <= 0) {
+ av_log(s, AV_LOG_ERROR, "Invalid image size %d\n", ico->images[i].size);
+ return AVERROR_INVALIDDATA;
+ }
ico->images[i].offset = avio_rl32(pb);
if (avio_seek(pb, ico->images[i].offset, SEEK_SET) < 0)
@@ -174,9 +178,9 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
bytestream_put_le16(&buf, 0);
bytestream_put_le32(&buf, 0);
- if ((ret = avio_read(pb, buf, image->size)) < 0) {
+ if ((ret = avio_read(pb, buf, image->size)) != image->size) {
av_packet_unref(pkt);
- return ret;
+ return ret < 0 ? ret : AVERROR_INVALIDDATA;
}
st->codecpar->bits_per_coded_sample = AV_RL16(buf + 14);
More information about the ffmpeg-cvslog
mailing list