avformat/dxa: check avio_read() return

Fixes use of uninitialized memory
Fixes msan_uninit-mem_7fd4d4323ddd_2453_MUSOSP1.dxa
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

1 files changed, 8 insertions, 2 deletions

diff --git a/libavformat/dxa.c b/libavformat/dxa.c
index 22ee2a97a5..5b2d7c0cbe 100644
--- a/libavformat/dxa.c
+++ b/libavformat/dxa.c
@@ -169,7 +169,10 @@ static int dxa_read_packet(AVFormatContext *s, AVPacket *pkt)
     }
     avio_seek(s->pb, c->vidpos, SEEK_SET);
     while(!url_feof(s->pb) && c->frames){
-        avio_read(s->pb, buf, 4);
+        if ((ret = avio_read(s->pb, buf, 4)) != 4) {
+            av_log(s, AV_LOG_ERROR, "failed reading chunk type\n");
+            return ret < 0 ? ret : AVERROR_INVALIDDATA;
+        }
         switch(AV_RL32(buf)){
         case MKTAG('N', 'U', 'L', 'L'):
             if(av_new_packet(pkt, 4 + pal_size) < 0)
@@ -187,7 +190,10 @@ static int dxa_read_packet(AVFormatContext *s, AVPacket *pkt)
             avio_read(s->pb, pal + 4, 768);
             break;
         case MKTAG('F', 'R', 'A', 'M'):
-            avio_read(s->pb, buf + 4, DXA_EXTRA_SIZE - 4);
+            if ((ret = avio_read(s->pb, buf + 4, DXA_EXTRA_SIZE - 4)) != DXA_EXTRA_SIZE - 4) {
+                av_log(s, AV_LOG_ERROR, "failed reading dxa_extra\n");
+                return ret < 0 ? ret : AVERROR_INVALIDDATA;
+            }
             size = AV_RB32(buf + 5);
             if(size > 0xFFFFFF){
                 av_log(s, AV_LOG_ERROR, "Frame size is too big: %d\n", size);