[FFmpeg-devel] [PATCH 2/3] nutdec: always check the get_str return value

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Fri May 22 23:36:32 CEST 2015 

If it fails, the buffers can be (partially) uninitialized.

This fixes 'Conditional jump or move depends on uninitialised value(s)'
valgrind warnings.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
 libavformat/nutdec.c | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c
index 935adea..969f446 100644
--- a/libavformat/nutdec.c
+++ b/libavformat/nutdec.c
@@ -544,11 +544,15 @@ static int decode_info_header(NUTContext *nut)
 
         if (value == -1) {
             type = "UTF-8";
-            get_str(bc, str_value, sizeof(str_value));
+            ret = get_str(bc, str_value, sizeof(str_value));
         } else if (value == -2) {
-            get_str(bc, type_str, sizeof(type_str));
+            ret = get_str(bc, type_str, sizeof(type_str));
+            if (ret < 0) {
+                av_log(s, AV_LOG_ERROR, "get_str failed while decoding info header\n");
+                return ret;
+            }
             type = type_str;
-            get_str(bc, str_value, sizeof(str_value));
+            ret = get_str(bc, str_value, sizeof(str_value));
         } else if (value == -3) {
             type  = "s";
             value = get_s(bc);
@@ -562,6 +566,11 @@ static int decode_info_header(NUTContext *nut)
             type = "v";
         }
 
+        if (ret < 0) {
+            av_log(s, AV_LOG_ERROR, "get_str failed while decoding info header\n");
+            return ret;
+        }
+
         if (stream_id_plus1 > s->nb_streams) {
             av_log(s, AV_LOG_ERROR, "invalid stream id for info packet\n");
             continue;
@@ -872,13 +881,21 @@ static int read_sm_data(AVFormatContext *s, AVIOContext *bc, AVPacket *pkt, int
         value = get_s(bc);
 
         if (value == -1) {
-            get_str(bc, str_value, sizeof(str_value));
+            ret = get_str(bc, str_value, sizeof(str_value));
+            if (ret < 0) {
+                av_log(s, AV_LOG_ERROR, "get_str failed while reading sm data\n");
+                return ret;
+            }
             av_log(s, AV_LOG_WARNING, "Unknown string %s / %s\n", name, str_value);
         } else if (value == -2) {
             uint8_t *dst = NULL;
             int64_t v64, value_len;
 
-            get_str(bc, type_str, sizeof(type_str));
+            ret = get_str(bc, type_str, sizeof(type_str));
+            if (ret < 0) {
+                av_log(s, AV_LOG_ERROR, "get_str failed while reading sm data\n");
+                return ret;
+            }
             value_len = ffio_read_varlen(bc);
             if (avio_tell(bc) + value_len >= maxpos)
                 return AVERROR_INVALIDDATA;
-- 
2.1.4

More information about the ffmpeg-devel mailing list