From 3e8f9107090d8bef97b389e8d28ccbe03d3f45f2 Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> Date: Mon, 28 Apr 2025 11:25:26 +0200 Subject: [PATCH 2/5] avformat/apvdec: Check before access The signature check would segfault in case the packet could not be allocated or if nothing could be read. Furthermore, read_packet callbacks are supposed to return zero on success, yet the current code returned the size of the packet. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com> --- libavformat/apvdec.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/apvdec.c b/libavformat/apvdec.c index 9f94a901ec..6a972c6d9a 100644 --- a/libavformat/apvdec.c +++ b/libavformat/apvdec.c @@ -225,6 +225,8 @@ static int apv_read_packet(AVFormatContext *s, AVPacket *pkt) } ret = av_get_packet(s->pb, pkt, au_size); + if (ret < 0) + return ret; pkt->flags = AV_PKT_FLAG_KEY; signature = AV_RB32(pkt->data); @@ -233,7 +235,7 @@ static int apv_read_packet(AVFormatContext *s, AVPacket *pkt) return AVERROR_INVALIDDATA; } - return ret; + return 0; } const FFInputFormat ff_apv_demuxer = { -- 2.45.2