From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 51BC04BD2C for ; Fri, 30 Jan 2026 07:26:54 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'OxL8zJY7fTGquShHmjYoMTyFtP9adtMgNzyNtMDC1TQ=', expected b'JH9O6Mldx38SfwlZnHMSdOF+Q+8wLhApj9gGIP1r8xo=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1769758002; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=OxL8zJY7fTGquShHmjYoMTyFtP9adtMgNzyNtMDC1TQ=; b=0PeYnu4CeeB7iXAkrB7EgrsAZXT0Ghu3ojEwQUr8s9XUIm1u3C6NrbGk2rQdjP7F0dJSE Odkhed5nC8U/pCPu6LMXGgbkKtbS5ZZCrWvjxPM/caF7lvhkkD5pTwNplaFVeUiSE24Tdoh iXA2TaCYb+jRjYRLMhDww5Gbd9Bfseoymo/Xvi6jy2+fX6KWVPl5c8fquflNpcKKXLEmNRW 44EcmOWlwPL+dSjjU1PLrlcqwrOiiNRuq9sWkqDsWDHb1i0p3k3Z7p14/v5pZFgeEpPDs7d lEeFfkVLHhD30YwNRlqlEQmLxKIr7FRu5kASZMV1ZBkI3kOO9zUHbp6rT47w== Received: from [172.20.0.4] (unknown [172.20.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id D225B690FBD; Fri, 30 Jan 2026 09:26:42 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1769757986; b=BHNqAuztUk2YEd3ERfJFImNwcVMm5dqK7xH74wEYPnkLeOaCdw+XF9sTvOF7G1/HMkHSx hSnQ0zxhN4HF/SJlOh3kK5B6ps1Y2+5g+Jk2v3Lqy5T0DWRQrdGZkCIosPxFcA4Kvr5qTXy /XX6VOdDn/bKeyikxhE0H6Yny8Wmt9OmeU9LyUUktnRVepvEuQB6Zd6IoMck7olnnY/19V/ jXib7YnQDUcEoj6DjOrrKncjYRwRmH8bqSGZ33MGYoskzFvT9nU5HaFIKJB173PySIyEyTj H/wteva/Q7/GlIM7LXKugNG8Cydq4irxEP6gIN7IF5NDKoedbvbEyQuaVGbA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1769757986; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=v/kULMKvgwMqQiEOPY9goYod9oLrboJ3VmXg3YM9A2o=; b=VT3x5/lz5vCH2GU9O29/ul6vwZRhkDdmOtHoapHFF0hkPGaND9kTdMNsrWHyJB4p5WesL p2TFqGDqvGJ6OWaqQk0aLO69jaed31nyTkqmiITzpSX85Ou+2/ZCNod0oEpWbFQPREVYTAx k4DvxWi2zY12p/AOt57UZ1tNHT+dUknT32JtNNHdy1H+dtGP/bd6EKPLAVh/6mtXdnDYVdL qG4qZ03/Kg0GwStRbC6dxRG+Uo+oGBsUA4FkToXiEg1qszFBG9RIDLsF9P1fit13lvxWah6 bCVUSPA/4mr4NLZS3+6+WE2u3dStR47HKJv55ZOS40uhv+TMg6bLatQJ/3GQ== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1769757975; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=JH9O6Mldx38SfwlZnHMSdOF+Q+8wLhApj9gGIP1r8xo=; b=b6EaQ5UmmquM9KN5lD9vkuVJNlHVhWB0lWIAAFxXauqWCUVJT+PcpUcZQ12zrIgIbnxa4 g17wZNZIpM6hqjA02KdUBTMEUjfXFB2RZIp9EZFj3QSvp24XDWKbFhIUuX7G+Ip6xlF3yHy DDVDlmQOmMjb+uLz0VstLnGNIQ7j+UI+GyrMlAfS+jePxMkkAsEfk/2GKxCMhqVevIsQQd4 at5k2f/NXuus80lGyTX6f1MgFfAxxWwFnVgD9MHURoShljWODcTNQNbMr6iLQ0oHjrMS8gU mUeiMJpV1T/eqDpL2iZ5Kmv9nf9tFom2YyhUQX40sbW6RFhZ1J3ZkXTc2TPA== Received: from c8d966988b92 (code.ffmpeg.org [188.245.149.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id B1B90690DCF for ; Fri, 30 Jan 2026 09:26:15 +0200 (EET) MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Fri, 30 Jan 2026 07:26:15 -0000 Message-ID: <176975797594.25.4654886229252743642@4457048688e7> Message-ID-Hash: SYPCVRWKI2WX7BGYXYDVOHOJFH2VJGXQ X-Message-ID-Hash: SYPCVRWKI2WX7BGYXYDVOHOJFH2VJGXQ X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PR] avformat{mlvdec,dss,dtshddec}: check return code of avio_read() (PR #21607) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Yalda via ffmpeg-devel Cc: Yalda Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #21607 opened by Yalda URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21607 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21607.patch fixes #21520 (unchecked avio_read() return leads to uninitialized memory read) >>From 6e21df6bb2bd8acb4415a59721254d37e778c242 Mon Sep 17 00:00:00 2001 From: Yalda Date: Fri, 30 Jan 2026 01:14:29 -0600 Subject: [PATCH 1/3] avformat/dtshddec: check return code of avio_read() Signed-off-by: Yalda --- libavformat/dtshddec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/dtshddec.c b/libavformat/dtshddec.c index 28d3aeb47a..826a174051 100644 --- a/libavformat/dtshddec.c +++ b/libavformat/dtshddec.c @@ -119,7 +119,9 @@ static int dtshd_read_header(AVFormatContext *s) value = av_malloc(chunk_size); if (!value) goto skip; - avio_read(pb, value, chunk_size); + ret = avio_read(pb, value, chunk_size); + if (ret < 0) + return ret; value[chunk_size - 1] = 0; av_dict_set(&s->metadata, "fileinfo", value, AV_DICT_DONT_STRDUP_VAL); -- 2.52.0 >>From 8ea3bbe42d89fbf9cdff11a5c83cb5029e166bf6 Mon Sep 17 00:00:00 2001 From: Yalda Date: Fri, 30 Jan 2026 01:15:51 -0600 Subject: [PATCH 2/3] avformat/dss: check return code of avio_read() Signed-off-by: Yalda --- libavformat/dss.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/dss.c b/libavformat/dss.c index 6cabdb5421..b7d25c644a 100644 --- a/libavformat/dss.c +++ b/libavformat/dss.c @@ -339,7 +339,10 @@ static int dss_read_seek(AVFormatContext *s, int stream_index, if (ret < 0) return ret; - avio_read(s->pb, header, DSS_AUDIO_BLOCK_HEADER_SIZE); + ret = avio_read(s->pb, header, DSS_AUDIO_BLOCK_HEADER_SIZE); + if (ret < 0) + return ret; + ctx->swap = !!(header[0] & 0x80); offset = 2*header[1] + 2*ctx->swap; if (offset < DSS_AUDIO_BLOCK_HEADER_SIZE) -- 2.52.0 >>From 1ebf23a45b69064549c2bd400e27aeba66b51f3a Mon Sep 17 00:00:00 2001 From: Yalda Date: Fri, 30 Jan 2026 01:17:41 -0600 Subject: [PATCH 3/3] avformat/mlvdec: check return code of avio_read() Signed-off-by: Yalda --- libavformat/mlvdec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c index 3a5d211085..e9b3b2930a 100644 --- a/libavformat/mlvdec.c +++ b/libavformat/mlvdec.c @@ -74,12 +74,15 @@ static int check_file_header(AVIOContext *pb, uint64_t guid) { unsigned int size; uint8_t version[8]; + int ret; avio_skip(pb, 4); size = avio_rl32(pb); if (size < 52) return AVERROR_INVALIDDATA; - avio_read(pb, version, 8); + ret = avio_read(pb, version, 8); + if (ret < 0) + return ret; if (memcmp(version, MLV_VERSION, 5) || avio_rl64(pb) != guid) return AVERROR_INVALIDDATA; avio_skip(pb, size - 24); -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org