[FFmpeg-cvslog] lavf/id3v2: fail read_apic on EOF reading mimetype
chcunningham
git at videolan.org
Thu Mar 28 18:32:52 EET 2019
ffmpeg | branch: release/3.4 | chcunningham <chcunningham at chromium.org> | Fri Dec 14 13:44:07 2018 -0800| [96062eb3cc82134921f12da02c2842fa21208742] | committer: Michael Niedermayer
lavf/id3v2: fail read_apic on EOF reading mimetype
avio_read may return EOF, leaving the mimetype array unitialized. fail
early when this occurs to avoid using the array in an unitialized state.
Reviewed-by: Tomas Härdin <tjoppen at acc.umu.se>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96062eb3cc82134921f12da02c2842fa21208742
---
libavformat/id3v2.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index 6c216ba7a2..ac39b03af4 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -589,7 +589,7 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen,
int isv34)
{
int enc, pic_type;
- char mimetype[64];
+ char mimetype[64] = {0};
const CodecMime *mime = ff_id3v2_mime_tags;
enum AVCodecID id = AV_CODEC_ID_NONE;
ID3v2ExtraMetaAPIC *apic = NULL;
@@ -611,7 +611,9 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen,
if (isv34) {
taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
} else {
- avio_read(pb, mimetype, 3);
+ if (avio_read(pb, mimetype, 3) < 0)
+ goto fail;
+
mimetype[3] = 0;
taglen -= 3;
}
More information about the ffmpeg-cvslog
mailing list