id3v2: catch avio_read errors in check_tag
authorAndreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Mon, 11 May 2015 18:07:49 +0000 (20:07 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Thu, 21 May 2015 18:43:38 +0000 (20:43 +0200)
Since len is an unsigned int, the comparison is currently treated as
unsigned and thus ignores all errors from avio_read.

Thus cast len to int, which is unproblematic, because at that point len
is between 0 and 4.

This fixes 'Conditional jump or move depends on uninitialised value'
valgrind warnings in is_tag.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 0382c94f13b4b20456b7259e90b170dc020419b8)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavformat/id3v2.c

index cbf4375..42c7247 100644 (file)
@@ -204,7 +204,7 @@ static int check_tag(AVIOContext *s, int offset, unsigned int len)
 
     if (len > 4 ||
         avio_seek(s, offset, SEEK_SET) < 0 ||
-        avio_read(s, tag, len) < len)
+        avio_read(s, tag, len) < (int)len)
         return -1;
     else if (!AV_RB32(tag) || is_tag(tag, len))
         return 1;