aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>2015-05-12 23:49:45 +0200
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>2015-05-13 20:09:25 +0200
commita3ede6b742f37d511253ab4c2fd98c13203f1cd3 (patch)
tree6d4c2e0b9d0b3ffafdd1a2e108fa7ee1a222fdde
parent81cf9108563510dee24f73b2c5d94a7bd07ff747 (diff)
downloadffmpeg-a3ede6b742f37d511253ab4c2fd98c13203f1cd3.tar.gz
cafdec: check avio_read return value
If avio_read fails, the buffer can contain uninitialized values. Reviewed-by: Carl Eugen Hoyos <cehoyos@ag.or.at> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
-rw-r--r--libavformat/cafdec.c17
1 files changed, 14 insertions, 3 deletions
diff --git a/libavformat/cafdec.c b/libavformat/cafdec.c
index e31c0a52bc..abbb3538d7 100644
--- a/libavformat/cafdec.c
+++ b/libavformat/cafdec.c
@@ -129,7 +129,10 @@ static int read_kuki_chunk(AVFormatContext *s, int64_t size)
avio_skip(pb, size);
return AVERROR_INVALIDDATA;
}
- avio_read(pb, preamble, ALAC_PREAMBLE);
+ if (avio_read(pb, preamble, ALAC_PREAMBLE) != ALAC_PREAMBLE) {
+ av_log(s, AV_LOG_ERROR, "failed to read preamble\n");
+ return AVERROR_INVALIDDATA;
+ }
if (ff_alloc_extradata(st->codec, ALAC_HEADER))
return AVERROR(ENOMEM);
@@ -144,14 +147,22 @@ static int read_kuki_chunk(AVFormatContext *s, int64_t size)
av_freep(&st->codec->extradata);
return AVERROR_INVALIDDATA;
}
- avio_read(pb, st->codec->extradata, ALAC_HEADER);
+ if (avio_read(pb, st->codec->extradata, ALAC_HEADER) != ALAC_HEADER) {
+ av_log(s, AV_LOG_ERROR, "failed to read kuki header\n");
+ av_freep(&st->codec->extradata);
+ return AVERROR_INVALIDDATA;
+ }
avio_skip(pb, size - ALAC_PREAMBLE - ALAC_HEADER);
} else {
AV_WB32(st->codec->extradata, 36);
memcpy(&st->codec->extradata[4], "alac", 4);
AV_WB32(&st->codec->extradata[8], 0);
memcpy(&st->codec->extradata[12], preamble, 12);
- avio_read(pb, &st->codec->extradata[24], ALAC_NEW_KUKI - 12);
+ if (avio_read(pb, &st->codec->extradata[24], ALAC_NEW_KUKI - 12) != ALAC_NEW_KUKI - 12) {
+ av_log(s, AV_LOG_ERROR, "failed to read new kuki header\n");
+ av_freep(&st->codec->extradata);
+ return AVERROR_INVALIDDATA;
+ }
avio_skip(pb, size - ALAC_NEW_KUKI);
}
} else {