avformat/mov: Check avio_read() return code in mov_read_extradata() and shrink the extradata if needed / return an error

Fixes use of uninitialized data Fixes: msan_uninit-mem_7ff57193e77e_2715_RAW512K_Stream_004.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-12-14 23:59:39 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2013-12-15 00:16:53 +0100
commit: 7a5d3a41fe380422cca80279732f297a2e118212 (patch)
tree: 954e171787e01a28d9c114dedddb063d5c0cce94 /libavformat/mov.c
parent: 12e81041200d50bcc755e6b427a9e8f37ef9f212 (diff)
download: ffmpeg-7a5d3a41fe380422cca80279732f297a2e118212.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 0157a7dc8a..7ca4f922d5 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1002,7 +1002,13 @@ static int mov_read_extradata(MOVContext *c, AVIOContext *pb, MOVAtom atom,
     st->codec->extradata_size= size - FF_INPUT_BUFFER_PADDING_SIZE;
     AV_WB32(       buf    , atom.size + 8);
     AV_WL32(       buf + 4, atom.type);
-    avio_read(pb, buf + 8, atom.size);
+    err = avio_read(pb, buf + 8, atom.size);
+    if (err < 0) {
+        return err;
+    } else if (err < atom.size) {
+        av_log(c->fc, AV_LOG_WARNING, "truncated extradata\n");
+        st->codec->extradata_size -= atom.size - err;
+    }
     return 0;
 }
author	Michael Niedermayer <michaelni@gmx.at>	2013-12-14 23:59:39 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2013-12-15 00:16:53 +0100
commit	7a5d3a41fe380422cca80279732f297a2e118212 (patch)
tree	954e171787e01a28d9c114dedddb063d5c0cce94 /libavformat/mov.c
parent	12e81041200d50bcc755e6b427a9e8f37ef9f212 (diff)
download	ffmpeg-7a5d3a41fe380422cca80279732f297a2e118212.tar.gz