From 3e8f9107090d8bef97b389e8d28ccbe03d3f45f2 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Mon, 28 Apr 2025 11:25:26 +0200
Subject: [PATCH 2/5] avformat/apvdec: Check before access

The signature check would segfault in case the packet could not
be allocated or if nothing could be read.
Furthermore, read_packet callbacks are supposed to return zero
on success, yet the current code returned the size of the packet.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/apvdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/apvdec.c b/libavformat/apvdec.c
index 9f94a901ec..6a972c6d9a 100644
--- a/libavformat/apvdec.c
+++ b/libavformat/apvdec.c
@@ -225,6 +225,8 @@ static int apv_read_packet(AVFormatContext *s, AVPacket *pkt)
     }
 
     ret = av_get_packet(s->pb, pkt, au_size);
+    if (ret < 0)
+        return ret;
     pkt->flags        = AV_PKT_FLAG_KEY;
 
     signature = AV_RB32(pkt->data);
@@ -233,7 +235,7 @@ static int apv_read_packet(AVFormatContext *s, AVPacket *pkt)
         return AVERROR_INVALIDDATA;
     }
 
-    return ret;
+    return 0;
 }
 
 const FFInputFormat ff_apv_demuxer = {
-- 
2.45.2