libavformat/amr.c: Check return value from avio_read()

If the buffer doesn't contain enough bytes when reading a stream, fail rather than continuing on with initialized data. Caught by Chromium fuzzeras (crbug.com/1065731). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit 5b967f56b6d85f62446836fc8ef64d0dcfcbda17) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: John Rummell <jrummell@chromium.org> 2020-03-30 21:30:33 -0700
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-07-03 12:10:23 +0200
commit: a09b223cd2a102313fc0ac6edf3a32dd1912b7f4 (patch)
tree: d460b91ddb68897f3f1b7451fd685c2ce803571e /libavformat/amr.c
parent: 7f8e9d9b7716b1193e40dd8029268ed994ed18a5 (diff)
download: ffmpeg-a09b223cd2a102313fc0ac6edf3a32dd1912b7f4.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/libavformat/amr.c b/libavformat/amr.c
index de347058f3..6b24130076 100644
--- a/libavformat/amr.c
+++ b/libavformat/amr.c
@@ -90,13 +90,15 @@ static int amr_read_header(AVFormatContext *s)
     AVStream *st;
     uint8_t header[9];
 
-    avio_read(pb, header, 6);
+    if (avio_read(pb, header, 6) != 6)
+        return AVERROR_INVALIDDATA;
 
     st = avformat_new_stream(s, NULL);
     if (!st)
         return AVERROR(ENOMEM);
     if (memcmp(header, AMR_header, 6)) {
-        avio_read(pb, header + 6, 3);
+        if (avio_read(pb, header + 6, 3) != 3)
+            return AVERROR_INVALIDDATA;
         if (memcmp(header, AMRWB_header, 9)) {
             return -1;
         }
author	John Rummell <jrummell@chromium.org>	2020-03-30 21:30:33 -0700
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-07-03 12:10:23 +0200
commit	a09b223cd2a102313fc0ac6edf3a32dd1912b7f4 (patch)
tree	d460b91ddb68897f3f1b7451fd685c2ce803571e /libavformat/amr.c
parent	7f8e9d9b7716b1193e40dd8029268ed994ed18a5 (diff)
download	ffmpeg-a09b223cd2a102313fc0ac6edf3a32dd1912b7f4.tar.gz