On 7/6/2023 6:08 PM, Andreas Rheinhardt wrote:
Fixes potential use of uninitialized values
in evc_read_nal_unit_length().
Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@outlook.com>
---
libavformat/evcdec.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavformat/evcdec.c b/libavformat/evcdec.c
index 9886542311..0f464930f7 100644
--- a/libavformat/evcdec.c
+++ b/libavformat/evcdec.c
@@ -162,6 +162,8 @@ static int evc_read_packet(AVFormatContext *s, AVPacket
*pkt)
ret = avio_read(s->pb, buf, EVC_NALU_LENGTH_PREFIX_SIZE);
if (ret < 0)
return ret;
+ if (ret != EVC_NALU_LENGTH_PREFIX_SIZE)
+ return AVERROR_INVALIDDATA;
There's a ffio_ensure_seekback() for EVC_NALU_LENGTH_PREFIX_SIZE bytes
immediately before the avio_read() call. Shouldn't that be enough to
guarantee that much can be read?
Also, you can just pass ret to evc_read_nal_unit_length() below instead
of adding this check here. It will return an error if it's <
EVC_NALU_LENGTH_PREFIX_SIZE.
nalu_size = evc_read_nal_unit_length(buf, EVC_NALU_LENGTH_PREFIX_SIZE);
if (!nalu_size || nalu_size > INT_MAX)
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
