github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-20 21:00:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

avformat/aiffdec: Check for partial read

Browse Source 
Fixes: read of uninitialized memory
Fixes: 490305404/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6406386140643328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2026-03-07 12:22:35 +01:00
committed by michaelni
parent 5074d9f06e
commit ba0f8083fd
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
libavformat/aiffdec.c
View File

@@ -23,6 +23,7 @@
#include "libavutil/dict.h"
#include "libavutil/mem.h"
#include "avformat.h"
#include "avio_internal.h"
#include "demux.h"
#include "internal.h"
#include "pcm.h"
@@ -368,9 +369,10 @@ static int aiff_read_header(AVFormatContext *s)
if (len == 11 && size > 11) {
uint8_t chunk[11];
ret = avio_read(pb, chunk, 11);
if (ret > 0)
size -= ret;
ret = ffio_read_size(pb, chunk, 11);
if (ret < 0)
return ret;
size -= ret;
if (!memcmp(chunk, "VADPCMCODES", sizeof(chunk))) {
if ((ret = ff_get_extradata(s, st->codecpar, pb, size)) < 0)
return ret;