[FFmpeg-cvslog] libavformat/amr.c: Check return value from avio_read()

John Rummell git at videolan.org
Fri Apr 24 02:14:23 EEST 2020


ffmpeg | branch: release/2.8 | John Rummell <jrummell at chromium.org> | Mon Mar 30 21:30:33 2020 -0700| [1881989f2f297c857fcffc50f57bcfb7a74fcb79] | committer: Michael Niedermayer

libavformat/amr.c: Check return value from avio_read()

If the buffer doesn't contain enough bytes when reading a stream,
fail rather than continuing on with initialized data. Caught by
Chromium fuzzers (crbug.com/1065731).

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 5b967f56b6d85f62446836fc8ef64d0dcfcbda17)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1881989f2f297c857fcffc50f57bcfb7a74fcb79
---

 libavformat/amr.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/amr.c b/libavformat/amr.c
index 8f44de1b38..e07b71c4e7 100644
--- a/libavformat/amr.c
+++ b/libavformat/amr.c
@@ -83,13 +83,15 @@ static int amr_read_header(AVFormatContext *s)
     AVStream *st;
     uint8_t header[9];
 
-    avio_read(pb, header, 6);
+    if (avio_read(pb, header, 6) != 6)
+        return AVERROR_INVALIDDATA;
 
     st = avformat_new_stream(s, NULL);
     if (!st)
         return AVERROR(ENOMEM);
     if (memcmp(header, AMR_header, 6)) {
-        avio_read(pb, header + 6, 3);
+        if (avio_read(pb, header + 6, 3) != 3)
+            return AVERROR_INVALIDDATA;
         if (memcmp(header, AMRWB_header, 9)) {
             return -1;
         }
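Review bot: both new checks, `avio_read(pb, header, 6) != 6` and `avio_read(pb, header + 6, 3) != 3`, fold a negative return from avio_read() (an I/O error or EOF code) into AVERROR_INVALIDDATA, so the caller can no longer tell a truncated file from a failed read. Consider storing the result in a local and returning it unchanged when it is negative, reserving AVERROR_INVALIDDATA for the short-read case. In the same spirit, the unchanged `return -1;` on the AMRWB_header mismatch is now the only failure path in this hunk that does not return an AVERROR code; converting it to AVERROR_INVALIDDATA would make the function's error reporting consistent.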


