[FFmpeg-cvslog] avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()
Michael Niedermayer
git at videolan.org
Thu Jan 23 03:15:03 EET 2025
ffmpeg | branch: release/7.1 | Michael Niedermayer <michael at niedermayer.cc> | Mon Sep 23 20:05:37 2024 +0200| [a7a6d92e841815780f1fc137e60cc88317f634bd] | committer: Michael Niedermayer
avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()
Fixes: Use of uninitialized memory
Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ecc96f4d08d74b0590ab03f39f93f386910c4c0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a7a6d92e841815780f1fc137e60cc88317f634bd
---
libavformat/mxfdec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index a263239288..682f724260 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -671,7 +671,8 @@ static int mxf_decrypt_triplet(AVFormatContext *s, AVPacket *pkt, KLVPacket *klv
if (size < 32 || size - 32 < orig_size || (int)orig_size != orig_size)
return AVERROR_INVALIDDATA;
avio_read(pb, ivec, 16);
- avio_read(pb, tmpbuf, 16);
+ if (avio_read(pb, tmpbuf, 16) != 16)
+ return AVERROR_INVALIDDATA;
if (mxf->aesc)
av_aes_crypt(mxf->aesc, tmpbuf, tmpbuf, 1, ivec, 1);
if (memcmp(tmpbuf, checkv, 16))
More information about the ffmpeg-cvslog
mailing list