From ba0f8083fd630480df873a2bead96e5b2e211dc7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sat, 7 Mar 2026 12:22:35 +0100
Subject: [PATCH] avformat/aiffdec: Check for partial read

Fixes: read of uninitialized memory
Fixes: 490305404/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6406386140643328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/aiffdec.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index ff47d8dc7b..8ae577cb71 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -23,6 +23,7 @@
 #include "libavutil/dict.h"
 #include "libavutil/mem.h"
 #include "avformat.h"
+#include "avio_internal.h"
 #include "demux.h"
 #include "internal.h"
 #include "pcm.h"
@@ -368,9 +369,10 @@ static int aiff_read_header(AVFormatContext *s)
                     if (len == 11 && size > 11) {
                         uint8_t chunk[11];
 
-                        ret = avio_read(pb, chunk, 11);
-                        if (ret > 0)
-                            size -= ret;
+                        ret = ffio_read_size(pb, chunk, 11);
+                        if (ret < 0)
+                            return ret;
+                        size -= ret;
                         if (!memcmp(chunk, "VADPCMCODES", sizeof(chunk))) {
                             if ((ret = ff_get_extradata(s, st->codecpar, pb, size)) < 0)
                                 return ret;