avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()

Fixes: Use of uninitialized memory Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2024-09-23 20:05:37 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2025-01-21 22:55:11 +0100
commit: 6ecc96f4d08d74b0590ab03f39f93f386910c4c0 (patch)
tree: 70fa93023dba71569fbc67ebaaab25880b40ad0a
parent: 90ff3ae9769dc79fd18400eedc97c352fa73926d (diff)
download: ffmpeg-6ecc96f4d08d74b0590ab03f39f93f386910c4c0.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 02db8d4cb3..6bc8980d9c 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -697,7 +697,8 @@ static int mxf_decrypt_triplet(AVFormatContext *s, AVPacket *pkt, KLVPacket *klv
     if (size < 32 || size - 32 < orig_size || (int)orig_size != orig_size)
         return AVERROR_INVALIDDATA;
     avio_read(pb, ivec, 16);
-    avio_read(pb, tmpbuf, 16);
+    if (avio_read(pb, tmpbuf, 16) != 16)
+        return AVERROR_INVALIDDATA;
     if (mxf->aesc)
         av_aes_crypt(mxf->aesc, tmpbuf, tmpbuf, 1, ivec, 1);
     if (memcmp(tmpbuf, checkv, 16))
author	Michael Niedermayer <michael@niedermayer.cc>	2024-09-23 20:05:37 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2025-01-21 22:55:11 +0100
commit	6ecc96f4d08d74b0590ab03f39f93f386910c4c0 (patch)
tree	70fa93023dba71569fbc67ebaaab25880b40ad0a
parent	90ff3ae9769dc79fd18400eedc97c352fa73926d (diff)
download	ffmpeg-6ecc96f4d08d74b0590ab03f39f93f386910c4c0.tar.gz