[FFmpeg-devel] [PATCH 3/4] avformat/mxfdec: Check for avio_read() failure in mxf_read_strong_ref_array()
Marton Balint
cus at passwd.hu
Sun Mar 13 17:52:25 EET 2022
On Sun, 13 Mar 2022, Michael Niedermayer wrote:
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/mxfdec.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index d7cdd22c8a..828fc0f9f1 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void *arg, AVIOContext *pb, int tag, i
>
> static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count)
> {
> + int64_t ret;
> unsigned c = avio_rb32(pb);
>
> //avio_read() used int
> @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count)
> return AVERROR(ENOMEM);
> }
> avio_skip(pb, 4); /* useless size of objects, always 16 according to specs */
> - avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID));
> + ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID));
> + if (ret != *count * sizeof(UID)) {
> + *count = ret < 0 ? 0 : ret / sizeof(UID);
I suggest you hard fail if the read count is not the expected, do not
silently ignore corrupt file.
Regards,
Marton
> + return ret < 0 ? ret : AVERROR_INVALIDDATA;
> + }
> +
> return 0;
> }
>
> --
> 2.17.1
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
>
More information about the ffmpeg-devel
mailing list