libavformat/oggdec.c: Check return value from avio_read()

If the buffer doesn't contain enough bytes when reading a stream, fail rather than continuing on with unitialized data. Caught by Chromium fuzzers (crbug.com/1054229). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit b7c67b1ae3657058b32b9235119d07529ad5cce1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: John Rummell <jrummell@chromium.org> 2020-03-30 14:56:11 -0700
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-07-03 12:10:23 +0200
commit: cd655e4c0dc75a5de43d66af664d9347a82c2059 (patch)
tree: 7a83276a1ad7b97243affecdd9390cf47c55e909
parent: 12a53bf6731f6d56b61571f68154b83ad30c565c (diff)
download: ffmpeg-cd655e4c0dc75a5de43d66af664d9347a82c2059.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
index 27d16a3e4e..81cfb3c243 100644
--- a/libavformat/oggdec.c
+++ b/libavformat/oggdec.c
@@ -216,7 +216,8 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial, int nsegs)
         uint8_t magic[8];
         int64_t pos = avio_tell(s->pb);
         avio_skip(s->pb, nsegs);
-        avio_read(s->pb, magic, sizeof(magic));
+        if (avio_read(s->pb, magic, sizeof(magic)) != sizeof(magic))
+            return AVERROR_INVALIDDATA;
         avio_seek(s->pb, pos, SEEK_SET);
         codec = ogg_find_codec(magic, sizeof(magic));
         if (!codec) {
author	John Rummell <jrummell@chromium.org>	2020-03-30 14:56:11 -0700
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +0200
commit	cd655e4c0dc75a5de43d66af664d9347a82c2059 (patch)
tree	7a83276a1ad7b97243affecdd9390cf47c55e909
parent	12a53bf6731f6d56b61571f68154b83ad30c565c (diff)
download	ffmpeg-cd655e4c0dc75a5de43d66af664d9347a82c2059.tar.gz