[FFmpeg-devel] [PATCH] avformat/mov: ensure required number of bytes is read

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Thu Aug 8 23:25:45 EEST 2024


James Almer:
> On 8/7/2024 11:09 AM, Kacper Michajłow wrote:
>> Fixes: use-of-uninitialized-value
>>
>> Found by OSS-Fuzz.
>> ---
>>   libavformat/mov.c | 2 +-
>>   1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/libavformat/mov.c b/libavformat/mov.c
>> index 1052691936..f2d8aee766 100644
>> --- a/libavformat/mov.c
>> +++ b/libavformat/mov.c
>> @@ -7096,7 +7096,7 @@ static int mov_read_free(MOVContext *c,
>> AVIOContext *pb, MOVAtom atom)
>>       if (atom.size < 8)
>>           return 0;
>>   -    ret = avio_read(pb, content, FFMIN(sizeof(content), atom.size));
>> +    ret = ffio_read_size(pb, content, FFMIN(sizeof(content),
>> atom.size));
>>       if (ret < 0)
>>           return ret;
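Review bot: In mov_read_free(), the unchanged `if (ret < 0) return ret;` check after the new ffio_read_size() call now returns an error for a truncated atom, where the avio_read() version carried on with a short, partly unset `content` buffer. For a `free` atom it is worth deciding whether a short read should be an error at all or should return 0 the way the `atom.size < 8` case just above does. The commit message should also say that the uninitialized read came from a short avio_read() that the caller did not detect, rather than only "Fixes: use-of-uninitialized-value".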
> 
> Unrelated (somewhat) to this patch, but why does ffio_read_size()
> replace EOF with INVALIDDATA? Is it a good idea to mask the former?
> 

ffio_read_size() is supposed to be used in scenarios where a certain
number of bytes is supposed to be available (e.g. because some size
field says that there have to be that many bytes of payload there). If
we are at EOF when there is supposed to be data, the file is invalid.

- Andreas
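The contract described in the reply above, as an added example that is not part of the original message and is not FFmpeg code: `MemReader`, `read_some`, `read_exact` and `ERR_INVALIDDATA` are hypothetical stand-ins for a partial-read call and an exact-read wrapper, and the three-byte input is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this example; not FFmpeg's AVIOContext or AVERROR codes. */
#define ERR_INVALIDDATA (-2)

typedef struct {
    const uint8_t *data;
    size_t size, pos;
} MemReader;

/* Partial-read semantics: copy up to n bytes, return how many were copied (0 at EOF). */
static int read_some(MemReader *r, uint8_t *buf, size_t n)
{
    size_t left = r->size - r->pos;
    if (n > left)
        n = left;
    memcpy(buf, r->data + r->pos, n);
    r->pos += n;
    return (int)n;
}

/* Exact-read semantics: fewer than n bytes, EOF included, means the input is invalid. */
static int read_exact(MemReader *r, uint8_t *buf, size_t n)
{
    int ret = read_some(r, buf, n);
    if (ret < 0)
        return ret;
    return (size_t)ret == n ? ret : ERR_INVALIDDATA;
}

/* Constructed sample: a size field promised 8 payload bytes, the file ends after 3. */
static const uint8_t truncated[] = { 'a', 'b', 'c' };

/* Reads 8 bytes from the truncated input with either semantics and returns the result. */
static int read_payload(int exact)
{
    MemReader r = { truncated, sizeof(truncated), 0 };
    uint8_t content[8]; /* deliberately not zeroed, like a stack buffer in a parser */
    return exact ? read_exact(&r, content, sizeof(content))
                 : read_some(&r, content, sizeof(content));
}

int main(void)
{
    /* A caller that only tests ret < 0 accepts the partial read and would go on to
       inspect all 8 bytes, 5 of which were never written. */
    printf("partial: %d, exact: %d\n", read_payload(0), read_payload(1));
    return 0;
}
```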


