Sankalpa Sarkar 65eed0732c avformat: check avio_read() return values in dss/dtshd/mlv ...

Multiple demuxers call avio_read() without checking its return
value. When input is truncated, destination buffers remain
uninitialized but are still used for offset calculations, memcmp,
and metadata handling. This results in undefined behavior
(detectable with Valgrind/MSan).

Fix this by checking the return value of avio_read() in:
- dss.c: dss_read_seek() — check before using header buffer
- dtshddec.c: FILEINFO chunk — check before using value buffer
- mlvdec.c: check_file_header() — check before memcmp on version

Fixes: #21520

2026-04-02 19:06:59 +00:00

10 KiB

Raw Permalink Blame History

View Raw