From fa197924a66d83106c5d4dadb8610a1c526afd67 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 23 Jul 2025 01:57:54 +0200
Subject: [PATCH] avformat/asfdec_f: Check amount of value read
Fixes: use of uninitialized memory
Fixes: 403675492/clusterfuzz-testcase-minimized-ffmpeg_dem_ASF_fuzzer-4754281823797248
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/asfdec_f.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index ea6e8ef4f3..c9010179b8 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -240,8 +240,10 @@ static void get_tag(AVFormatContext *s, const char *key, int type, int len, int
 case ASF_UNICODE:
 avio_get_str16le(s->pb, len, value, 2 * len + 1);
 break;
- case -1: // ASCI
- avio_read(s->pb, value, len);
+ case -1:; // ASCII
+ int ret = ffio_read_size(s->pb, value, len);
+ if (ret < 0)
+ goto finish;
 value[len]=0;
 break;
 case ASF_BYTE_ARRAY:
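Review bot: The `int ret` declared straight after `case -1:;` is scoped to the whole switch body, so `case ASF_BYTE_ARRAY:` and any later label jump past its initialiser, and the `:;` empty statement exists only to make a declaration legal after a label. Since the result is tested once, the branch reads more simply as `if (ffio_read_size(s->pb, value, len) < 0)` followed by `goto finish;`, or with the case body wrapped in braces. Because get_tag returns void, a truncated tag is now dropped without any trace; if that is intended, a comment such as `// short read: skip the tag instead of exposing uninitialized bytes` would record why. The `finish` label and the allocation of `value` lie outside the hunk, so whether the buffer is released on this path, and whether it holds `len + 1` bytes for the terminator write, cannot be confirmed from here.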