[FFmpeg-devel] [PATCH 2/7] avformat/mxfdec: Check avio_read() success in mxf_decrypt_triplet()
Michael Niedermayer
michael at niedermayer.cc
Tue Jan 21 20:09:49 EET 2025
On Tue, Sep 24, 2024 at 06:58:31PM +0200, Tomas Härdin wrote:
> mån 2024-09-23 klockan 23:32 +0200 skrev Michael Niedermayer:
> > Fixes: Use of uninitialized memory
> > Fixes: 71444/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-
> > 5448597561212928
> >
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavformat/mxfdec.c | 3 ++-
> > 1 file changed, 2 insertions(+), 1 deletion(-)
> >
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index 24f4ed1c33d..b232c45f47d 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -671,7 +671,8 @@ static int mxf_decrypt_triplet(AVFormatContext
> > *s, AVPacket *pkt, KLVPacket *klv
> > if (size < 32 || size - 32 < orig_size || (int)orig_size !=
> > orig_size)
> > return AVERROR_INVALIDDATA;
> > avio_read(pb, ivec, 16);
> > - avio_read(pb, tmpbuf, 16);
> > + if (avio_read(pb, tmpbuf, 16) != 16)
> > + return AVERROR_INVALIDDATA;
>
> I get the feeling mxfdec has a whole bunch of these..
yeah, and i have even forgotten to apply this one
will apply it now at least
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
It is dangerous to be right in matters on which the established authorities
are wrong. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20250121/ce102be1/attachment.sig>
More information about the ffmpeg-devel
mailing list