[FFmpeg-devel] [PATCH] icodec: correctly check avio_read return value

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Wed Nov 9 21:56:00 EET 2016


On 09.11.2016 02:31, Michael Niedermayer wrote:
> On Tue, Nov 08, 2016 at 11:36:58PM +0100, Andreas Cadhalpun wrote:
>> It can read less than the requested amount, in which case buf contains
>> uninitialized data, causing problems like segmentation faults later on.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>  libavformat/icodec.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/icodec.c b/libavformat/icodec.c
>> index 8019a35..aad1416 100644
>> --- a/libavformat/icodec.c
>> +++ b/libavformat/icodec.c
>> @@ -174,8 +174,8 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
>>          bytestream_put_le16(&buf, 0);
>>          bytestream_put_le32(&buf, 0);
>>  
>> -        if ((ret = avio_read(pb, buf, image->size)) < 0)
>> -            return ret;
>> +        if ((ret = avio_read(pb, buf, image->size)) != image->size)
>> +            return ret < 0 ? ret : AVERROR_INVALIDDATA;
> 
> is anything checking size to be positive ?
> if not it could be matching an error code i think

I've added a check to make sure that size is positive. New patch attached.

Best regards,
Andreas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-icodec-correctly-check-avio_read-return-value.patch
Type: text/x-diff
Size: 1651 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161109/4473c2be/attachment.patch>


More information about the ffmpeg-devel mailing list