[FFmpeg-cvslog] lavf/id3v2: fail read_apic on EOF reading mimetype

chcunningham git at videolan.org
Thu Mar 21 20:13:24 EET 2019


ffmpeg | branch: release/4.0 | chcunningham <chcunningham at chromium.org> | Fri Dec 14 13:44:07 2018 -0800| [e02f55a3c5c3761ddcbd326c62bdf571bb2be0b4] | committer: Michael Niedermayer

lavf/id3v2: fail read_apic on EOF reading mimetype

avio_read may return EOF, leaving the mimetype array uninitialized. Fail
early when this occurs to avoid using the array in an uninitialized state.

Reviewed-by: Tomas Härdin <tjoppen at acc.umu.se>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e02f55a3c5c3761ddcbd326c62bdf571bb2be0b4
---

 libavformat/id3v2.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index f7de26a1d8..5fe055b591 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -590,7 +590,7 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen,
                       int isv34)
 {
     int enc, pic_type;
-    char mimetype[64];
+    char mimetype[64] = {0};
     const CodecMime *mime     = ff_id3v2_mime_tags;
     enum AVCodecID id         = AV_CODEC_ID_NONE;
     ID3v2ExtraMetaAPIC *apic  = NULL;
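
Review bot: the `= {0}` initializer on `mimetype` carries no comment saying which path still depends on it. Since the second hunk already jumps to `fail` when `avio_read` returns a negative value, the case left for the initializer is a read that returns fewer than 3 bytes, where it keeps the unread bytes defined. A one-line comment stating that would stop the initializer from being dropped later as redundant. Blanket zeroing also hides uninitialized reads from MemorySanitizer and Valgrind, so a future unchecked read into this buffer would no longer be flagged. An explicit length check at the read site would make the intent clearer than relying on the initializer.
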
@@ -612,7 +612,9 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen,
     if (isv34) {
         taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
     } else {
-        avio_read(pb, mimetype, 3);
+        if (avio_read(pb, mimetype, 3) < 0)
+            goto fail;
+
         mimetype[3] = 0;
         taglen    -= 3;
     }
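
Review bot: the new check `avio_read(pb, mimetype, 3) < 0` in the non-isv34 branch only catches an error return and lets a short read of 1 or 2 bytes through. `avio_read` returns the number of bytes read, so a truncated tag can still reach `mimetype[3] = 0` and `taglen -= 3` with fewer than 3 bytes consumed, leaving `taglen` out of step with the stream position. Comparing against the requested size, for example `if (avio_read(pb, mimetype, 3) != 3) goto fail;`, would cover both cases. The isv34 branch above subtracts the return value of `avio_get_str` from `taglen` without checking it either, so the same failure handling is worth applying there.
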


