[FFmpeg-devel] libopenmpt: add missing avio_read return value check

Message ID fae6bdf8-f7d3-5144-9906-9c5257f42850@googlemail.com
State Accepted
Commit 367cac7827870054ae3bd6d4517e7b13f4f3f72c

Commit Message

Andreas Cadhalpun Jan. 1, 2017, 7:27 p.m. UTC
This fixes heap-buffer-overflows in libopenmpt caused by interpreting
the negative size value as unsigned size_t.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/libopenmpt.c | 5 +++++
 1 file changed, 5 insertions(+)
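
The bug class named in the commit message, as an added example that is not part of the patch or of FFmpeg: a read call's negative error code is handed to a function taking `size_t`, shown beside the checked form. `mock_read`, `parser_len`, `load_unchecked` and `load_checked` are hypothetical names standing in for a read call and a parser entry point.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a read call that returns the number of bytes
 * read, or a negative error code on failure (constructed, not FFmpeg code). */
static int mock_read(unsigned char *dst, int want, int fail)
{
    if (fail)
        return -EIO;
    memset(dst, 0x41, (size_t)want);
    return want;
}

/* Hypothetical stand-in for a parser entry point that takes an unsigned
 * length. It only reports the length it was handed. */
static size_t parser_len(const unsigned char *buf, size_t len)
{
    (void)buf;
    return len;
}

/* Unchecked pattern: the signed result is converted to size_t implicitly. */
size_t load_unchecked(unsigned char *buf, int cap, int fail)
{
    int n = mock_read(buf, cap, fail);
    return parser_len(buf, n); /* -EIO becomes a value near SIZE_MAX */
}

/* Checked pattern: reject the error before any unsigned conversion. */
int load_checked(unsigned char *buf, int cap, int fail, size_t *len_out)
{
    int n = mock_read(buf, cap, fail);
    if (n < 0)
        return n;
    *len_out = parser_len(buf, (size_t)n);
    return 0;
}

int main(void)
{
    unsigned char buf[16];
    size_t len = 0;
    printf("unchecked length on failure: %zu\n", load_unchecked(buf, 16, 1));
    printf("checked result on failure: %d\n", load_checked(buf, 16, 1, &len));
    int rc = load_checked(buf, 16, 0, &len);
    printf("checked success: rc %d, length %zu\n", rc, len);
    return 0;
}
```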

Comments

Jörn Heusipp Jan. 9, 2017, 7:20 p.m. UTC | #1
On 01/01/2017 08:27 PM, Andreas Cadhalpun wrote:
> This fixes heap-buffer-overflows in libopenmpt caused by interpreting
> the negative size value as unsigned size_t.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> ---
>  libavformat/libopenmpt.c | 5 +++++
>  1 file changed, 5 insertions(+)

Looks fine to me.

Regards,
Jörn

Jörn Heusipp Jan. 15, 2017, 11:55 a.m. UTC | #2
On 01/09/2017 08:20 PM, Jörn Heusipp wrote:
> On 01/01/2017 08:27 PM, Andreas Cadhalpun wrote:
>> This fixes heap-buffer-overflows in libopenmpt caused by interpreting
>> the negative size value as unsigned size_t.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
>> ---
>>  libavformat/libopenmpt.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>
> Looks fine to me.

Is there any reason this patch has not been committed yet?
Also needs to be applied to the release/3.2 branch.

Regards,
Jörn

Michael Niedermayer Jan. 16, 2017, 12:37 a.m. UTC | #3
On Sun, Jan 15, 2017 at 12:55:46PM +0100, Jörn Heusipp wrote:
> 
> On 01/09/2017 08:20 PM, Jörn Heusipp wrote:
> >On 01/01/2017 08:27 PM, Andreas Cadhalpun wrote:
> >>This fixes heap-buffer-overflows in libopenmpt caused by interpreting
> >>the negative size value as unsigned size_t.
> >>
> >>Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
> >>---
> >> libavformat/libopenmpt.c | 5 +++++
> >> 1 file changed, 5 insertions(+)
> >
> >Looks fine to me.
> 
> Is there any reason this patch has not been committed yet?

I can't see one, thus applied

thx

> Also needs to be applied to the release/3.2 branch.
> 
> Regards,
> Jörn

Patch

diff --git a/libavformat/libopenmpt.c b/libavformat/libopenmpt.c
index e7091ef9fc..35fd28f5f4 100644
--- a/libavformat/libopenmpt.c
+++ b/libavformat/libopenmpt.c
@@ -82,6 +82,11 @@  static int read_header_openmpt(AVFormatContext *s)
     if (!buf)
         return AVERROR(ENOMEM);
     size = avio_read(s->pb, buf, size);
+    if (size < 0) {
+        av_log(s, AV_LOG_ERROR, "Reading input buffer failed.\n");
+        av_freep(&buf);
+        return size;
+    }
 
     openmpt->module = openmpt_module_create_from_memory(buf, size, openmpt_logfunc, s, NULL);
     av_freep(&buf);
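
Review bot: the check added after avio_read() rejects only negative returns, so a short or zero-byte read still reaches openmpt_module_create_from_memory(buf, size, ...) with a partly filled buffer. The length passed is the reassigned size, so the parser is not told to read beyond what was filled, but it is worth deciding whether a truncated read should also fail here. The `size < 0` test is only effective if size is declared with a signed type, which this hunk does not show, so confirm the declaration. The log line could also carry the error code instead of the fixed string "Reading input buffer failed.", which would make failures easier to triage.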