[FFmpeg-cvslog] rmdec: dont return uninitialized data
Michael Niedermayer
git at videolan.org
Wed Apr 17 02:19:22 CEST 2013
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Wed Apr 17 01:31:53 2013 +0200| [161dee43213dafee0f7d969320fc4bc5318ba68d] | committer: Michael Niedermayer
rmdec: dont return uninitialized data
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=161dee43213dafee0f7d969320fc4bc5318ba68d
---
libavformat/rmdec.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 478b35b..13d1d25 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -662,6 +662,7 @@ static int rm_assemble_video_frame(AVFormatContext *s, AVIOContext *pb,
int hdr;
int seq = 0, pic_num = 0, len2 = 0, pos = 0; //init to silcense compiler warning
int type;
+ int ret;
hdr = avio_r8(pb); len--;
type = hdr >> 6;
@@ -690,7 +691,10 @@ static int rm_assemble_video_frame(AVFormatContext *s, AVIOContext *pb,
pkt->data[0] = 0;
AV_WL32(pkt->data + 1, 1);
AV_WL32(pkt->data + 5, 0);
- avio_read(pb, pkt->data + 9, len);
+ if ((ret = avio_read(pb, pkt->data + 9, len)) != len) {
+ av_free_packet(pkt);
+ return ret < 0 ? ret : AVERROR(EIO);
+ }
return 0;
}
//now we have to deal with single slice
@@ -706,6 +710,7 @@ static int rm_assemble_video_frame(AVFormatContext *s, AVIOContext *pb,
av_free_packet(&vst->pkt); //FIXME this should be output.
if(av_new_packet(&vst->pkt, vst->videobufsize) < 0)
return AVERROR(ENOMEM);
+ memset(vst->pkt.data, 0, vst->pkt.size);
vst->videobufpos = 8*vst->slices + 1;
vst->cur_slice = 0;
vst->curpic_num = pic_num;
More information about the ffmpeg-cvslog
mailing list