[FFmpeg-cvslog] avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()
Michael Niedermayer
git at videolan.org
Fri May 16 20:59:03 EEST 2025
ffmpeg | branch: release/4.2 | Michael Niedermayer <michael at niedermayer.cc> | Mon Sep 23 20:05:37 2024 +0200| [6b4205c95e78ea2f289b31297d8ed705a93807c2] | committer: Michael Niedermayer
avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()
Fixes: Use of uninitialized memory
Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-5448597561212928
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 6ecc96f4d08d74b0590ab03f39f93f386910c4c0)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=6b4205c95e78ea2f289b31297d8ed705a93807c2
---
libavformat/mxfdec.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 8b0c7f271e..4e8817d7a4 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -608,7 +608,8 @@ static int mxf_decrypt_triplet(AVFormatContext *s, AVPacket *pkt, KLVPacket *klv
if (size < 32 || size - 32 < orig_size || (int)orig_size != orig_size)
return AVERROR_INVALIDDATA;
avio_read(pb, ivec, 16);
- avio_read(pb, tmpbuf, 16);
+ if (avio_read(pb, tmpbuf, 16) != 16)
+ return AVERROR_INVALIDDATA;
if (mxf->aesc)
av_aes_crypt(mxf->aesc, tmpbuf, tmpbuf, 1, ivec, 1);
if (memcmp(tmpbuf, checkv, 16))
More information about the ffmpeg-cvslog
mailing list