[FFmpeg-devel] mp3dec: fix msan warning when verifying mpa header

Submitted by Matthew Wolenetz on Dec. 14, 2016, 11:39 p.m.

Details

Message ID CAADho6OXS+0Te2THL1qq5fTBLPQy1zESXwB5ReL_XO1gJwRDxw@mail.gmail.com
State New
Headers show

Commit Message

Matthew Wolenetz Dec. 14, 2016, 11:39 p.m.
MPEG Audio frame header must be 4 bytes. If we fail to read
4 bytes bail early to avoid Use-of-uninitialized-value msan error.
Reference https://crbug.com/666874.

Comments

Michael Niedermayer Dec. 15, 2016, 3:35 a.m.
On Wed, Dec 14, 2016 at 03:39:59PM -0800, Matthew Wolenetz wrote:
> MPEG Audio frame header must be 4 bytes. If we fail to read
> 4 bytes bail early to avoid Use-of-uninitialized-value msan error.
> Reference https://crbug.com/666874.

>  mp3dec.c |    3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> a5668a4c9770ce6875733ad96c982266f110e322  666874-mp3dec-fix-msan-warning-when-verifying-mpa-header.patch
> From 5ed6e20c09840320784c43b86b75b3ede69742f6 Mon Sep 17 00:00:00 2001
> From: Chris Cunningham <chcunningham@chromium.org>
> Date: Tue, 22 Nov 2016 13:54:50 -0800
> Subject: [PATCH] mp3dec: fix msan warning when verifying mpa header
> 
> MPEG Audio frame header must be 4 bytes. If we fail to read
> 4 bytes bail early to avoid Use-of-uninitialized-value msan error.
> Reference https://crbug.com/666874.
> ---
>  libavformat/mp3dec.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)

applied

thx

[...]

Patch hide | download patch | download mbox

From 5ed6e20c09840320784c43b86b75b3ede69742f6 Mon Sep 17 00:00:00 2001
From: Chris Cunningham <chcunningham@chromium.org>
Date: Tue, 22 Nov 2016 13:54:50 -0800
Subject: [PATCH] mp3dec: fix msan warning when verifying mpa header

MPEG Audio frame header must be 4 bytes. If we fail to read
4 bytes bail early to avoid Use-of-uninitialized-value msan error.
Reference https://crbug.com/666874.
---
 libavformat/mp3dec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/mp3dec.c b/libavformat/mp3dec.c
index 291cf56..64217b2 100644
--- a/libavformat/mp3dec.c
+++ b/libavformat/mp3dec.c
@@ -461,7 +461,8 @@  static int check(AVIOContext *pb, int64_t pos, uint32_t *ret_header)
         return CHECK_SEEK_FAILED;
 
     ret = avio_read(pb, &header_buf[0], 4);
-    if (ret < 0)
+    /* We should always find four bytes for a valid mpa header. */
+    if (ret < 4)
         return CHECK_SEEK_FAILED;
 
     header = AV_RB32(&header_buf[0]);
-- 
2.8.0.rc3.226.g39d4020