[FFmpeg-cvslog] avformat/rmdec: check that buf if completely filled

Michael Niedermayer Wed, 01 Jan 2025 12:42:31 -0800

ffmpeg | branch: master | Michael Niedermayer <mich...@niedermayer.cc> | Fri 
Aug 16 14:47:42 2024 +0200| [9578c135d00dd9cc01491b8559d7fad5a387e90d] | 
committer: Michael Niedermayer


avformat/rmdec: check that buf if completely filled

Fixes: use of uninitialized value
Fixes: 
70988/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5298245077630976

Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9578c135d00dd9cc01491b8559d7fad5a387e90d
---

 libavformat/rmdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index b07f3c7705..793b29bd18 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -188,7 +188,8 @@ static int rm_read_audio_stream_info(AVFormatContext *s, 
AVIOContext *pb,
         st->codecpar->ch_layout.nb_channels = avio_rb16(pb);
         if (version == 5) {
             ast->deint_id = avio_rl32(pb);
-            avio_read(pb, buf, 4);
+            if (avio_read(pb, buf, 4) != 4)
+                return AVERROR_INVALIDDATA;
             buf[4] = 0;
         } else {
             AV_WL32(buf, 0);

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".

[FFmpeg-cvslog] avformat/rmdec: check that buf if completely filled

Reply via email to