diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-12-19 03:50:05 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-12-19 05:07:13 +0100 |
| commit | e72f5abbc62d1ce1dc9cd689c1d8a49ead757c5a (patch) | |
| tree | ce1c78080adf10faba1ec0103113785b524355f5 /libavformat/swfdec.c | |
| parent | d2d794f3aa55ab77557bb1d6082f9f6dfa90400d (diff) | |
| download | ffmpeg-e72f5abbc62d1ce1dc9cd689c1d8a49ead757c5a.tar.gz | |
avformat/swfdec: check avio_read() return code
Fixes use of uninitialized memory
Fixes part of msan_uninit-mem_7f055dd0ab1b_9558_videopop_guitar_300k.swf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavformat/swfdec.c')
| -rw-r--r-- | libavformat/swfdec.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index c77e28f0c9..c36c024168 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -455,10 +455,20 @@ bitmap_end_skip: /* old SWF files containing SOI/EOI as data start */ /* files created by swink have reversed tag */ pkt->size -= 4; - avio_read(pb, pkt->data, pkt->size); + res = avio_read(pb, pkt->data, pkt->size); } else { - avio_read(pb, pkt->data + 4, pkt->size - 4); + res = avio_read(pb, pkt->data + 4, pkt->size - 4); + if (res >= 0) + res += 4; } + if (res != pkt->size) { + if (res < 0) { + av_free_packet(pkt); + return res; + } + av_shrink_packet(pkt, res); + } + pkt->pos = pos; pkt->stream_index = st->index; return pkt->size; |