virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-10-30 23:18:11 +02:00
Code Issues Releases Activity

icodec: correctly check avio_read return value

Browse Source 
It can read less than the requested amount, in which case buf contains
uninitialized data, causing problems like segmentation faults later on.

Also make sure that image->size is positive, so that it can't match a
negative error code.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Andreas Cadhalpun
2016-11-08 23:29:28 +01:00
parent c82b8ef0e4
commit 89eb398c7f
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libavformat/icodec.c
View File

@@ -109,6 +109,10 @@ static int read_header(AVFormatContext *s)
avio_skip(pb, 5);
ico->images[i].size = avio_rl32(pb);
if (ico->images[i].size <= 0) {
av_log(s, AV_LOG_ERROR, "Invalid image size %d\n", ico->images[i].size);
return AVERROR_INVALIDDATA;
}
ico->images[i].offset = avio_rl32(pb);
if (avio_seek(pb, ico->images[i].offset, SEEK_SET) < 0)
@@ -174,9 +178,9 @@ static int read_packet(AVFormatContext *s, AVPacket *pkt)
bytestream_put_le16(&buf, 0);
bytestream_put_le32(&buf, 0);
if ((ret = avio_read(pb, buf, image->size)) < 0) {
if ((ret = avio_read(pb, buf, image->size)) != image->size) {
av_packet_unref(pkt);
return ret;
return ret < 0 ? ret : AVERROR_INVALIDDATA;
}
st->codecpar->bits_per_coded_sample = AV_RL16(buf + 14);