libavformat/amr.c: Check return value from avio_read()

If the buffer doesn't contain enough bytes when reading a stream, fail rather than continuing on with initialized data. Caught by Chromium fuzzeras (crbug.com/1065731). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5b967f56b6d85f62446836fc8ef64d0dcfcbda17) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: John Rummell <jrummell@chromium.org> 2020-03-30 21:30:33 -0700
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-07-02 19:55:09 +0200
commit: 1e61cc5c51357f30f3e5ddcf69868b68afccc407 (patch)
tree: 5d1082b476406200300fbaa8809000c5932d4f46
parent: c703bdf3c8617016589b2896a3b5e23c2b0c236d (diff)
download: ffmpeg-1e61cc5c51357f30f3e5ddcf69868b68afccc407.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/libavformat/amr.c b/libavformat/amr.c
index b5194a2d9e..d6c4b15b8d 100644
--- a/libavformat/amr.c
+++ b/libavformat/amr.c
@@ -83,13 +83,15 @@ static int amr_read_header(AVFormatContext *s)
     AVStream *st;
     uint8_t header[9];
 
-    avio_read(pb, header, 6);
+    if (avio_read(pb, header, 6) != 6)
+        return AVERROR_INVALIDDATA;
 
     st = avformat_new_stream(s, NULL);
     if (!st)
         return AVERROR(ENOMEM);
     if (memcmp(header, AMR_header, 6)) {
-        avio_read(pb, header + 6, 3);
+        if (avio_read(pb, header + 6, 3) != 3)
+            return AVERROR_INVALIDDATA;
         if (memcmp(header, AMRWB_header, 9)) {
             return -1;
         }
author	John Rummell <jrummell@chromium.org>	2020-03-30 21:30:33 -0700
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-07-02 19:55:09 +0200
commit	1e61cc5c51357f30f3e5ddcf69868b68afccc407 (patch)
tree	5d1082b476406200300fbaa8809000c5932d4f46
parent	c703bdf3c8617016589b2896a3b5e23c2b0c236d (diff)
download	ffmpeg-1e61cc5c51357f30f3e5ddcf69868b68afccc407.tar.gz