From patchwork Wed Aug 19 22:51:02 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thierry Foucu <tfoucu@gmail.com>
X-Patchwork-Id: 21746
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 9554944AA31
	for <patchwork@ffaux-bg.ffmpeg.org>; Thu, 20 Aug 2020 02:14:24 +0300 (EEST)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7366068AE6F;
	Thu, 20 Aug 2020 02:14:24 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-oi1-f193.google.com (mail-oi1-f193.google.com
 [209.85.167.193])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 2D1B26809B4
 for <ffmpeg-devel@ffmpeg.org>; Thu, 20 Aug 2020 02:14:18 +0300 (EEST)
Received: by mail-oi1-f193.google.com with SMTP id l204so445316oib.3
 for <ffmpeg-devel@ffmpeg.org>; Wed, 19 Aug 2020 16:14:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:date:message-id:in-reply-to:references
 :mime-version:content-transfer-encoding;
 bh=HXOojL5HPV33LBQoVtKNNGtxOavzwzFQwFgwB65wh18=;
 b=mgWzuaCpYgpDCchXZ4dir8VK4HMqkiMR5qq/ahZaL/HAdvttp+anwIUUBUewXGwMws
 PaJ82rFHzErvFF2/WEGTdllmFxMtFKiW9ciae3FFxf5/bpi7QyWJHYFbd/Gg5DnixXLB
 o4BZcaIqO9InyHSIWSSebXcqbNS9IySMaYOgdUfPv+1YKSyZ6xGayMCmRY4NXNgY0Xnv
 g7Aj+h2ymBamskA3xxiC4A3akGkI26PazCVqkdqkBrIgTPCFcxRrwfAG3I99bzrM/emx
 YJ684+zrY5iRKpHO8b1/LTCppZfMW2rWWYuwECgA8syBRtzeAuU8htLOO+lzUD/xiLWt
 AQqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=HXOojL5HPV33LBQoVtKNNGtxOavzwzFQwFgwB65wh18=;
 b=t9izZFXOOI54uTIOK/OwjqBj2pip2tGpyT64CIgw/5NaCy0vwtIjElMNbwhJgarpjj
 jRHjWyim+RRsQGyazcupxZuPMVKWVYWQ3DWxgXISm2nGQLu0+FMqV9c2r2npbjN0Ptsz
 PARkyQ0gVSmG1USEBG83V5b6/Ugl68wwcI8yNWU+87voB0RSZq/ISYFilbHUoCaTrWKU
 0lS32ed9OzQL6afvqLm8rAEOMUC5E8gCmu9d5olqj1ZpWoAB00i7q8JzrHo5eNrT4Njo
 JfUAk/ZRIx0x82cLtFoPeqbN8B7CNiD06boT/GELq2529Ti+YxRNbQ+WwJ1blCKtTRmD
 gjWA==
X-Gm-Message-State: AOAM531RaZ8Zw9d/2iT1slSQfqYHwgLu6LwBjNwXE6jrFKKlXIQX9OEd
 Buu5idroHIDVyCDdO7iKHsyur+1ds1A=
X-Google-Smtp-Source: 
 ABdhPJx85jwiFNUCCJ/S/68IMUWHjndFj3JSntT6LSI6NHGFpptBpzGwVIKb/tCE8eudm6g/0sAkKA==
X-Received: by 2002:a17:90a:6e41:: with SMTP id
 s1mr73587pjm.223.1597877467555;
 Wed, 19 Aug 2020 15:51:07 -0700 (PDT)
Received: from tfoucu.mtv.corp.google.com
 ([2620:0:1000:4001:a28c:fdff:feed:4b81])
 by smtp.gmail.com with ESMTPSA id y10sm244372pff.177.2020.08.19.15.51.06
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 19 Aug 2020 15:51:06 -0700 (PDT)
From: Thierry Foucu <tfoucu@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 19 Aug 2020 15:51:02 -0700
Message-Id: <20200819225102.215654-1-tfoucu@gmail.com>
X-Mailer: git-send-email 2.28.0.220.ged08abb693-goog
In-Reply-To: <e2f4ba3e-9c4d-2fba-18f3-748a4c04d8c6@gmail.com>
References: <e2f4ba3e-9c4d-2fba-18f3-748a4c04d8c6@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH] libavformat/r3d.c: Fix
	Use-of-uninitialized-value in filename.
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Thierry Foucu <tfoucu@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

While reading the filename tag, it mays return a EOF and we are still
copying the file with uninitialized value.
---
 libavformat/r3d.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/r3d.c b/libavformat/r3d.c
index 7aa0c5a2c3..d013b8c30e 100644
--- a/libavformat/r3d.c
+++ b/libavformat/r3d.c
@@ -56,6 +56,7 @@ static int r3d_read_red1(AVFormatContext *s)
     R3DContext *r3d = s->priv_data;
     char filename[258];
     int tmp;
+    int ret;
     int av_unused tmp2;
     AVRational framerate;
 
@@ -97,7 +98,9 @@ static int r3d_read_red1(AVFormatContext *s)
     r3d->audio_channels = avio_r8(s->pb); // audio channels
     av_log(s, AV_LOG_TRACE, "audio channels %d\n", tmp);
 
-    avio_read(s->pb, filename, 257);
+    ret = avio_read(s->pb, filename, 257);
+    if (ret < 257)
+        return AVERROR_EOF;
     filename[sizeof(filename)-1] = 0;
     av_dict_set(&st->metadata, "filename", filename, 0);