[FFmpeg-devel] [PATCH 3/4] avformat/mxfdec: Check for avio_read() failure in mxf_read_strong_ref_array()
Tomas Härdin
tjoppen at acc.umu.se
Mon Mar 14 21:21:04 EET 2022
sön 2022-03-13 klockan 00:52 +0100 skrev Michael Niedermayer:
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavformat/mxfdec.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> index d7cdd22c8a..828fc0f9f1 100644
> --- a/libavformat/mxfdec.c
> +++ b/libavformat/mxfdec.c
> @@ -932,6 +932,7 @@ static int mxf_read_cryptographic_context(void
> *arg, AVIOContext *pb, int tag, i
>
> static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs,
> int *count)
> {
> + int64_t ret;
> unsigned c = avio_rb32(pb);
>
> //avio_read() used int
> @@ -946,7 +947,12 @@ static int mxf_read_strong_ref_array(AVIOContext
> *pb, UID **refs, int *count)
> return AVERROR(ENOMEM);
> }
> avio_skip(pb, 4); /* useless size of objects, always 16
> according to specs */
> - avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID));
> + ret = avio_read(pb, (uint8_t *)*refs, *count * sizeof(UID));
> + if (ret != *count * sizeof(UID)) {
> + *count = ret < 0 ? 0 : ret / sizeof(UID);
> + return ret < 0 ? ret : AVERROR_INVALIDDATA;
Looks ok
/Tomas
More information about the ffmpeg-devel
mailing list