diff options
author | Michael Niedermayer <michael@niedermayer.cc> | 2024-08-19 22:17:48 +0200 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2024-08-28 16:27:56 +0200 |
commit | 815d00868101956e2f1f9f8dd509c11af5a63684 (patch) | |
tree | 12c8cb0ccd7fe1d9a5bf4e2b2fa28c91439e7f70 | |
parent | 46e3bc2ebd21b215edce773de7c498121c1be766 (diff) | |
download | ffmpeg-815d00868101956e2f1f9f8dd509c11af5a63684.tar.gz |
avformat/argo_brp: Check that ASF chunk header is completely read
Fixes: Use of uninitialized value
Fixes: 71280/clusterfuzz-testcase-minimized-ffmpeg_dem_ARGO_BRP_fuzzer-4692991866896384
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
-rw-r--r-- | libavformat/argo_brp.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavformat/argo_brp.c b/libavformat/argo_brp.c index f88def3731..94b404b5d0 100644 --- a/libavformat/argo_brp.c +++ b/libavformat/argo_brp.c @@ -380,8 +380,8 @@ static int argo_brp_read_packet(AVFormatContext *s, AVPacket *pkt) if (blk.size < ASF_CHUNK_HEADER_SIZE) return AVERROR_INVALIDDATA; - if ((ret = avio_read(s->pb, buf, ASF_CHUNK_HEADER_SIZE)) < 0) - return ret; + if (avio_read(s->pb, buf, ASF_CHUNK_HEADER_SIZE) != ASF_CHUNK_HEADER_SIZE) + return AVERROR_INVALIDDATA; ff_argo_asf_parse_chunk_header(&ckhdr, buf); |