On Tue, Nov 08, 2016 at 11:36:58PM +0100, Andreas Cadhalpun wrote: > It can read less than the requested amount, in which case buf contains > uninitialized data, causing problems like segmentation faults later on. > > Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > --- > libavformat/icodec.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavformat/icodec.c b/libavformat/icodec.c > index 8019a35..aad1416 100644 > --- a/libavformat/icodec.c > +++ b/libavformat/icodec.c > @@ -174,8 +174,8 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt) > bytestream_put_le16(&buf, 0); > bytestream_put_le32(&buf, 0); > > - if ((ret = avio_read(pb, buf, image->size)) < 0) > - return ret; > + if ((ret = avio_read(pb, buf, image->size)) != image->size) > + return ret < 0 ? ret : AVERROR_INVALIDDATA;
is anything checking size to be positive ? if not it could be matching an error code i think [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB If a bugfix only changes things apparently unrelated to the bug with no further explanation, that is a good sign that the bugfix is wrong.
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
