Message ID | 20240816231157.3166012-1-michael@niedermayer.cc |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel,1/9] avformat/rmdec: check that bug if completely filled | expand |
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 25a8681cfd3..4b21105d3dd 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -188,7 +188,8 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, st->codecpar->ch_layout.nb_channels = avio_rb16(pb); if (version == 5) { ast->deint_id = avio_rl32(pb); - avio_read(pb, buf, 4); + if (avio_read(pb, buf, 4) != 4) + return AVERROR_INVALIDDATA; buf[4] = 0; } else { AV_WL32(buf, 0);
Fixes: use of uninitialized value Fixes: 70988/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5298245077630976 Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/rmdec.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)