avformat/dxa: check avio_read() return
Fixes use of uninitialized memory Fixes msan_uninit-mem_7fd4d4323ddd_2453_MUSOSP1.dxa Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
parent
5a5c1b2442
commit
ae09db1023
1 changed files with 8 additions and 2 deletions
|
|
@ -169,7 +169,10 @@ static int dxa_read_packet(AVFormatContext *s, AVPacket *pkt)
|
||||||
}
|
}
|
||||||
avio_seek(s->pb, c->vidpos, SEEK_SET);
|
avio_seek(s->pb, c->vidpos, SEEK_SET);
|
||||||
while(!url_feof(s->pb) && c->frames){
|
while(!url_feof(s->pb) && c->frames){
|
||||||
avio_read(s->pb, buf, 4);
|
if ((ret = avio_read(s->pb, buf, 4)) != 4) {
|
||||||
|
av_log(s, AV_LOG_ERROR, "failed reading chunk type\n");
|
||||||
|
return ret < 0 ? ret : AVERROR_INVALIDDATA;
|
||||||
|
}
|
||||||
switch(AV_RL32(buf)){
|
switch(AV_RL32(buf)){
|
||||||
case MKTAG('N', 'U', 'L', 'L'):
|
case MKTAG('N', 'U', 'L', 'L'):
|
||||||
if(av_new_packet(pkt, 4 + pal_size) < 0)
|
if(av_new_packet(pkt, 4 + pal_size) < 0)
|
||||||
|
|
@ -187,7 +190,10 @@ static int dxa_read_packet(AVFormatContext *s, AVPacket *pkt)
|
||||||
avio_read(s->pb, pal + 4, 768);
|
avio_read(s->pb, pal + 4, 768);
|
||||||
break;
|
break;
|
||||||
case MKTAG('F', 'R', 'A', 'M'):
|
case MKTAG('F', 'R', 'A', 'M'):
|
||||||
avio_read(s->pb, buf + 4, DXA_EXTRA_SIZE - 4);
|
if ((ret = avio_read(s->pb, buf + 4, DXA_EXTRA_SIZE - 4)) != DXA_EXTRA_SIZE - 4) {
|
||||||
|
av_log(s, AV_LOG_ERROR, "failed reading dxa_extra\n");
|
||||||
|
return ret < 0 ? ret : AVERROR_INVALIDDATA;
|
||||||
|
}
|
||||||
size = AV_RB32(buf + 5);
|
size = AV_RB32(buf + 5);
|
||||||
if(size > 0xFFFFFF){
|
if(size > 0xFFFFFF){
|
||||||
av_log(s, AV_LOG_ERROR, "Frame size is too big: %d\n", size);
|
av_log(s, AV_LOG_ERROR, "Frame size is too big: %d\n", size);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue