Message ID | b44d7f78-94a8-31ab-1d64-1992241d5427@googlemail.com |
---|---|
State | Superseded |
On Tue, Nov 08, 2016 at 11:36:58PM +0100, Andreas Cadhalpun wrote: > It can read less than the requested amount, in which case buf contains > uninitialized data, causing problems like segmentation faults later on. > > Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> > --- > libavformat/icodec.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavformat/icodec.c b/libavformat/icodec.c > index 8019a35..aad1416 100644 > --- a/libavformat/icodec.c > +++ b/libavformat/icodec.c > @@ -174,8 +174,8 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) > bytestream_put_le16(&buf, 0); > bytestream_put_le32(&buf, 0); > > - if ((ret = avio_read(pb, buf, image->size)) < 0) > - return ret; > + if ((ret = avio_read(pb, buf, image->size)) != image->size) > + return ret < 0 ? ret : AVERROR_INVALIDDATA; is anything checking size to be positive ? if not it could be matching an error code i think [...]
diff --git a/libavformat/icodec.c b/libavformat/icodec.c index 8019a35..aad1416 100644 --- a/libavformat/icodec.c +++ b/libavformat/icodec.c @@ -174,8 +174,8 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) bytestream_put_le16(&buf, 0); bytestream_put_le32(&buf, 0); - if ((ret = avio_read(pb, buf, image->size)) < 0) - return ret; + if ((ret = avio_read(pb, buf, image->size)) != image->size) + return ret < 0 ? ret : AVERROR_INVALIDDATA; st->codecpar->bits_per_coded_sample = AV_RL16(buf + 14);
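Review bot: The new comparison "avio_read(pb, buf, image->size)) != image->size" only separates a short read from a complete one if image->size is known to be positive at this point, and nothing in the visible context establishes that. If image->size can be negative, a negative error return from avio_read could compare equal to it, the branch would not be taken, and the code would continue to AV_RL16(buf + 14) on a buffer that was never filled. Suggest returning early on ret < 0, then treating ret != image->size as AVERROR_INVALIDDATA, or rejecting non-positive sizes where image->size is parsed so that this check cannot match an error code.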
It can read less than the requested amount, in which case buf contains uninitialized data, causing problems like segmentation faults later on. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavformat/icodec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)