libavformat/oggdec.c: Check return value from avio_read()

If the buffer doesn't contain enough bytes when reading a stream, fail rather than continuing on with unitialized data. Caught by Chromium fuzzers (crbug.com/1054229). Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: John Rummell <jrummell@chromium.org> 2020-03-30 14:56:11 -0700
committer: Michael Niedermayer <michael@niedermayer.cc> 2020-04-01 22:21:26 +0200
commit: b7c67b1ae3657058b32b9235119d07529ad5cce1 (patch)
tree: bdf05036b3c1d14d75a92822a982db4aa87d394c /libavformat/oggdec.c
parent: 5a0575e32c62765549675833a0e523769955b616 (diff)
download: ffmpeg-b7c67b1ae3657058b32b9235119d07529ad5cce1.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/libavformat/oggdec.c b/libavformat/oggdec.c
index 4f4b5fe386..de2f24b967 100644
--- a/libavformat/oggdec.c
+++ b/libavformat/oggdec.c
@@ -216,7 +216,8 @@ static int ogg_replace_stream(AVFormatContext *s, uint32_t serial, int nsegs)
         uint8_t magic[8];
         int64_t pos = avio_tell(s->pb);
         avio_skip(s->pb, nsegs);
-        avio_read(s->pb, magic, sizeof(magic));
+        if (avio_read(s->pb, magic, sizeof(magic)) != sizeof(magic))
+            return AVERROR_INVALIDDATA;
         avio_seek(s->pb, pos, SEEK_SET);
         codec = ogg_find_codec(magic, sizeof(magic));
         if (!codec) {
author	John Rummell <jrummell@chromium.org>	2020-03-30 14:56:11 -0700
committer	Michael Niedermayer <michael@niedermayer.cc>	2020-04-01 22:21:26 +0200
commit	b7c67b1ae3657058b32b9235119d07529ad5cce1 (patch)
tree	bdf05036b3c1d14d75a92822a982db4aa87d394c /libavformat/oggdec.c
parent	5a0575e32c62765549675833a0e523769955b616 (diff)
download	ffmpeg-b7c67b1ae3657058b32b9235119d07529ad5cce1.tar.gz