authorMichael Niedermayer <michaelni@gmx.at>2013-12-20 18:07:30 +0100
committerMichael Niedermayer <michaelni@gmx.at>2013-12-20 23:04:51 +0100
commit5ec3c7b7c1189dca0ba29edbd33b5dbe68313382 (patch)
treebd40bac1135a5417a3b9ea88fcb59cbf1a5c375c
parentd055a1395c23e18dc90998d768f9e8316466610a (diff)
downloadffmpeg-5ec3c7b7c1189dca0ba29edbd33b5dbe68313382.tar.gz
avformat/pva: Make sure the first byte of pes_header_data has been initialized
Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f53c1d0e95c_2674_PVA_test-partial.pva Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavformat/pva.c9
1 files changed, 6 insertions, 3 deletions
diff --git a/libavformat/pva.c b/libavformat/pva.c
index 9b7a40a068..635fb728b3 100644
--- a/libavformat/pva.c
+++ b/libavformat/pva.c
@@ -85,6 +85,7 @@ static int read_part_of_packet(AVFormatContext *s, int64_t *pts,
PVAContext *pvactx = s->priv_data;
int syncword, streamid, reserved, flags, length, pts_flag;
int64_t pva_pts = AV_NOPTS_VALUE, startpos;
+ int ret;
recover:
startpos = avio_tell(pb);
@@ -133,8 +134,8 @@ recover:
pes_flags = avio_rb16(pb);
pes_header_data_length = avio_r8(pb);
- if (pes_signal != 1) {
- pva_log(s, AV_LOG_WARNING, "expected signaled PES packet, "
+ if (pes_signal != 1 || pes_header_data_length == 0) {
+ pva_log(s, AV_LOG_WARNING, "expected non empty signaled PES packet, "
"trying to recover\n");
avio_skip(pb, length - 9);
if (!read_packet)
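Review bot: The added `pes_header_data_length == 0` test in the condition guarantees only that `pes_header_data[0]` is filled by the later read, which matches the commit title but may not cover every consumer of the buffer. If the code after this hunk parses a multi-byte field out of `pes_header_data` (a PES timestamp would need five bytes), header lengths 1 to 4 would still leave the tail uninitialized; that code is outside the hunk, so this needs confirming. A guard at the point of use, such as `if (pes_header_data_length < 5) return AVERROR_INVALIDDATA;`, would tie the minimum length to what is actually read. The enclosing function starts and ends outside the hunk.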
@@ -142,7 +143,9 @@ recover:
goto recover;
}
- avio_read(pb, pes_header_data, pes_header_data_length);
+ ret = avio_read(pb, pes_header_data, pes_header_data_length);
+ if (ret != pes_header_data_length)
+ return ret < 0 ? ret : AVERROR_INVALIDDATA;
length -= 9 + pes_header_data_length;
pes_packet_length -= 3 + pes_header_data_length;
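Review bot: `length -= 9 + pes_header_data_length;` right after the new read check still trusts the packet's own `length` field, and nothing in the visible lines ensures it is at least `9 + pes_header_data_length`. A smaller value from a malformed file makes `length` negative here, and the recovery branch in the previous hunk has the same exposure in `avio_skip(pb, length - 9)`. Unless a lower bound is enforced earlier in read_part_of_packet (not visible here), consider adding `if (length < 9 + pes_header_data_length) return AVERROR_INVALIDDATA;` before the `avio_read` call. The function body continues outside the hunk.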