cafdec: check avio_read return value
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Tue, 12 May 2015 21:49:45 +0000 (23:49 +0200)
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Thu, 14 May 2015 17:14:19 +0000 (19:14 +0200)
If avio_read fails, the buffer can contain uninitialized values.

Reviewed-by: Carl Eugen Hoyos <cehoyos@ag.or.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
(cherry picked from commit a3ede6b742f37d511253ab4c2fd98c13203f1cd3)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
libavformat/cafdec.c

index e31c0a5..abbb353 100644 (file)
@@ -129,7 +129,10 @@ static int read_kuki_chunk(AVFormatContext *s, int64_t size)
             avio_skip(pb, size);
             return AVERROR_INVALIDDATA;
         }
-        avio_read(pb, preamble, ALAC_PREAMBLE);
+        if (avio_read(pb, preamble, ALAC_PREAMBLE) != ALAC_PREAMBLE) {
+            av_log(s, AV_LOG_ERROR, "failed to read preamble\n");
+            return AVERROR_INVALIDDATA;
+        }
 
         if (ff_alloc_extradata(st->codec, ALAC_HEADER))
             return AVERROR(ENOMEM);
@@ -144,14 +147,22 @@ static int read_kuki_chunk(AVFormatContext *s, int64_t size)
                 av_freep(&st->codec->extradata);
                 return AVERROR_INVALIDDATA;
             }
-            avio_read(pb, st->codec->extradata, ALAC_HEADER);
+            if (avio_read(pb, st->codec->extradata, ALAC_HEADER) != ALAC_HEADER) {
+                av_log(s, AV_LOG_ERROR, "failed to read kuki header\n");
+                av_freep(&st->codec->extradata);
+                return AVERROR_INVALIDDATA;
+            }
             avio_skip(pb, size - ALAC_PREAMBLE - ALAC_HEADER);
         } else {
             AV_WB32(st->codec->extradata, 36);
             memcpy(&st->codec->extradata[4], "alac", 4);
             AV_WB32(&st->codec->extradata[8], 0);
             memcpy(&st->codec->extradata[12], preamble, 12);
-            avio_read(pb, &st->codec->extradata[24], ALAC_NEW_KUKI - 12);
+            if (avio_read(pb, &st->codec->extradata[24], ALAC_NEW_KUKI - 12) != ALAC_NEW_KUKI - 12) {
+                av_log(s, AV_LOG_ERROR, "failed to read new kuki header\n");
+                av_freep(&st->codec->extradata);
+                return AVERROR_INVALIDDATA;
+            }
             avio_skip(pb, size - ALAC_NEW_KUKI);
         }
     } else {