root
/
FFmpeg
mirror of https://github.com/FFmpeg/FFmpeg.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

avformat/mpeg: Check an avio_read() for failure 

Fixes: use-of-uninitialized-value
Fixes: 70849/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGPS_fuzzer-4684401009557504

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 66ee75d76c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2024-08-04 21:27:44 +02:00
parent 4eceda7528
commit c9a2d48c2e
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
2 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/mvha.c
View File

@ -187,8 +187,8 @@ static int decode_frame(AVCodecContext *avctx,
av_log(avctx, AV_LOG_ERROR, "Inflate error: %d\n", ret);
return AVERROR_EXTERNAL;
}
if (zstream->avail_out > 0)
memset(zstream->next_out, 0, zstream->avail_out);
if (s->zstream.avail_out > 0)
memset(s->zstream.next_out, 0, s->zstream.avail_out);
}
}
} else if (type == MKTAG('H','U','F','Y')) {

4
libavformat/mpeg.c
View File

@ -554,7 +554,9 @@ redo:
static const unsigned char avs_seqh[4] = { 0, 0, 1, 0xb0 };
unsigned char buf[8];
avio_read(s->pb, buf, 8);
ret = avio_read(s->pb, buf, 8);
if (ret != 8)
return AVERROR_INVALIDDATA;
avio_seek(s->pb, -8, SEEK_CUR);
if (!memcmp(buf, avs_seqh, 4) && (buf[6] != 0 || buf[7] != 1))
codec_id = AV_CODEC_ID_CAVS;