mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
mov: always check avio_read return value
If avio_read fails, the buffer can contain uninitialized data. This fixes 'Conditional jump or move depends on uninitialised value(s)' valgrind warnings. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
parent
8e77f8ab4a
commit
b71528d896
@ -445,7 +445,8 @@ static int mov_read_chpl(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
if ((atom.size -= 9+str_len) < 0)
|
||||
return 0;
|
||||
|
||||
avio_read(pb, str, str_len);
|
||||
if (avio_read(pb, str, str_len) != str_len)
|
||||
return AVERROR_INVALIDDATA;
|
||||
str[str_len] = 0;
|
||||
avpriv_new_chapter(c->fc, i, (AVRational){1,10000000}, start, AV_NOPTS_VALUE, str);
|
||||
}
|
||||
@ -497,7 +498,8 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
|
||||
volume_len = avio_r8(pb);
|
||||
volume_len = FFMIN(volume_len, 27);
|
||||
avio_read(pb, dref->volume, 27);
|
||||
if (avio_read(pb, dref->volume, 27) != 27)
|
||||
return AVERROR_INVALIDDATA;
|
||||
dref->volume[volume_len] = 0;
|
||||
av_log(c->fc, AV_LOG_DEBUG, "volume %s, len %d\n", dref->volume, volume_len);
|
||||
|
||||
@ -505,7 +507,8 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
|
||||
len = avio_r8(pb);
|
||||
len = FFMIN(len, 63);
|
||||
avio_read(pb, dref->filename, 63);
|
||||
if (avio_read(pb, dref->filename, 63) != 63)
|
||||
return AVERROR_INVALIDDATA;
|
||||
dref->filename[len] = 0;
|
||||
av_log(c->fc, AV_LOG_DEBUG, "filename %s, len %d\n", dref->filename, len);
|
||||
|
||||
@ -532,7 +535,10 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
dref->path = av_mallocz(len+1);
|
||||
if (!dref->path)
|
||||
return AVERROR(ENOMEM);
|
||||
avio_read(pb, dref->path, len);
|
||||
if (avio_read(pb, dref->path, len) != len) {
|
||||
av_freep(&dref->path);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
if (type == 18) // no additional processing needed
|
||||
continue;
|
||||
if (len > volume_len && !strncmp(dref->path, dref->volume, volume_len)) {
|
||||
@ -549,8 +555,10 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
dref->dir = av_malloc(len+1);
|
||||
if (!dref->dir)
|
||||
return AVERROR(ENOMEM);
|
||||
if (avio_read(pb, dref->dir, len) != len)
|
||||
if (avio_read(pb, dref->dir, len) != len) {
|
||||
av_freep(&dref->dir);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
dref->dir[len] = 0;
|
||||
for (j = 0; j < len; j++)
|
||||
if (dref->dir[j] == ':')
|
||||
@ -606,7 +614,10 @@ static int mov_read_hdlr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
title_str = av_malloc(title_size + 1); /* Add null terminator */
|
||||
if (!title_str)
|
||||
return AVERROR(ENOMEM);
|
||||
avio_read(pb, title_str, title_size);
|
||||
if (avio_read(pb, title_str, title_size) != title_size) {
|
||||
av_freep(&title_str);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
title_str[title_size] = 0;
|
||||
if (title_str[0]) {
|
||||
int off = (!c->isom && title_str[0] == title_size - 1);
|
||||
@ -787,7 +798,8 @@ static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
char* comp_brands_str;
|
||||
uint8_t type[5] = {0};
|
||||
|
||||
avio_read(pb, type, 4);
|
||||
if (avio_read(pb, type, 4) != 4)
|
||||
return AVERROR_INVALIDDATA;
|
||||
if (strcmp(type, "qt "))
|
||||
c->isom = 1;
|
||||
av_log(c->fc, AV_LOG_DEBUG, "ISO: File Type Major Brand: %.4s\n",(char *)&type);
|
||||
@ -801,7 +813,10 @@ static int mov_read_ftyp(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
comp_brands_str = av_malloc(comp_brand_size + 1); /* Add null terminator */
|
||||
if (!comp_brands_str)
|
||||
return AVERROR(ENOMEM);
|
||||
avio_read(pb, comp_brands_str, comp_brand_size);
|
||||
if (avio_read(pb, comp_brands_str, comp_brand_size) != comp_brand_size) {
|
||||
av_freep(&comp_brands_str);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
comp_brands_str[comp_brand_size] = 0;
|
||||
av_dict_set(&c->fc->metadata, "compatible_brands", comp_brands_str, 0);
|
||||
av_freep(&comp_brands_str);
|
||||
@ -994,7 +1009,8 @@ static int mov_read_colr(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
return 0;
|
||||
st = c->fc->streams[c->fc->nb_streams - 1];
|
||||
|
||||
avio_read(pb, color_parameter_type, 4);
|
||||
if (avio_read(pb, color_parameter_type, 4) != 4)
|
||||
return AVERROR_INVALIDDATA;
|
||||
if (strncmp(color_parameter_type, "nclx", 4) &&
|
||||
strncmp(color_parameter_type, "nclc", 4)) {
|
||||
av_log(c->fc, AV_LOG_WARNING, "unsupported color_parameter_type %s\n",
|
||||
@ -2831,7 +2847,10 @@ static int mov_read_custom_2plus(MOVContext *c, AVIOContext *pb, int size)
|
||||
*p = av_malloc(len + 1);
|
||||
if (!*p)
|
||||
break;
|
||||
avio_read(pb, *p, len);
|
||||
if (avio_read(pb, *p, len) != len) {
|
||||
av_freep(p);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
(*p)[len] = 0;
|
||||
}
|
||||
|
||||
@ -3316,7 +3335,11 @@ static int mov_read_cmov(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
av_free(cmov_data);
|
||||
return AVERROR(ENOMEM);
|
||||
}
|
||||
avio_read(pb, cmov_data, cmov_len);
|
||||
if (avio_read(pb, cmov_data, cmov_len) != cmov_len) {
|
||||
av_freep(&cmov_data);
|
||||
av_freep(&moov_data);
|
||||
return AVERROR_INVALIDDATA;
|
||||
}
|
||||
if (uncompress (moov_data, (uLongf *) &moov_len, (const Bytef *)cmov_data, cmov_len) != Z_OK)
|
||||
goto free_and_return;
|
||||
if (ffio_init_context(&ctx, moov_data, moov_len, 0, NULL, NULL, NULL, NULL) != 0)
|
||||
@ -3577,7 +3600,8 @@ static int mov_read_default(MOVContext *c, AVIOContext *pb, MOVAtom atom)
|
||||
c->moov_retry) {
|
||||
uint8_t buf[8];
|
||||
uint32_t *type = (uint32_t *)buf + 1;
|
||||
avio_read(pb, buf, 8);
|
||||
if (avio_read(pb, buf, 8) != 8)
|
||||
return AVERROR_INVALIDDATA;
|
||||
avio_seek(pb, -8, SEEK_CUR);
|
||||
if (*type == MKTAG('m','v','h','d') ||
|
||||
*type == MKTAG('c','m','o','v')) {
|
||||
|
Loading…
Reference in New Issue
Block a user