[FFmpeg-cvslog] avcodec/flashsv: check avio_read() return in mov_read_udta_string()

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Jan 14 18:27:50 2014 +0100| [b2ae92110f9ec31c254e85eb86719827e80362e6] | committer: Michael Niedermayer

avcodec/flashsv: check avio_read() return in mov_read_udta_string()

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f3f90a8606a_3018_Sequence_1-Apple_ProRes_422_LT.mov
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b2ae92110f9ec31c254e85eb86719827e80362e6
---

 libavformat/mov.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 8dc6062..a4804e4 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -394,7 +394,9 @@ static int mov_read_udta_string(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         if (data_type == 3 || (data_type == 0 && (langcode < 0x400 || langcode == 0x7fff))) { // MAC Encoded
             mov_read_mac_string(c, pb, str_size, str, sizeof(str));
         } else {
-            avio_read(pb, str, str_size);
+            int ret = avio_read(pb, str, str_size);
+            if (ret != str_size)
+                return ret < 0 ? ret : AVERROR_INVALIDDATA;
             str[str_size] = 0;
         }
         av_dict_set(&c->fc->metadata, key, str, 0);