From 28c1a8ebcadec6ba168664b5ece9e09159feb255 Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Sun, 8 Jun 2025 01:07:02 +0200 Subject: [PATCH 3/3] avformat/dhav: Check reading data Prevents potential use of uninitialized data. Signed-off-by: Andreas Rheinhardt --- libavformat/dhav.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/libavformat/dhav.c b/libavformat/dhav.c index ffd6d66359..9bdb23322d 100644 --- a/libavformat/dhav.c +++ b/libavformat/dhav.c @@ -261,13 +261,12 @@ static int64_t get_duration(AVFormatContext *s) end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, size); end_buffer = av_malloc(end_buffer_size); - if (!end_buffer) { - avio_seek(s->pb, start_pos, SEEK_SET); - return 0; - } + if (!end_buffer) + goto fail; end_buffer_pos = size - end_buffer_size; avio_seek(s->pb, end_buffer_pos, SEEK_SET); - avio_read(s->pb, end_buffer, end_buffer_size); + if (ffio_read_size(s->pb, end_buffer, end_buffer_size) < 0) + goto fail; offset = end_buffer_size - 8; while (offset > 0) { @@ -280,11 +279,8 @@ static int64_t get_duration(AVFormatContext *s) } } - if (end_pos < 0 || end_pos + 16 > end_buffer_pos + end_buffer_size) { - av_freep(&end_buffer); - avio_seek(s->pb, start_pos, SEEK_SET); - return 0; - } + if (end_pos < 0 || end_pos + 16 > end_buffer_pos + end_buffer_size) + goto fail; date = AV_RL32(end_buffer + (end_pos - end_buffer_pos) + 16); get_timeinfo(date, &timeinfo); @@ -295,6 +291,10 @@ static int64_t get_duration(AVFormatContext *s) avio_seek(s->pb, start_pos, SEEK_SET); return end - start; +fail: + av_freep(&end_buffer); + avio_seek(s->pb, start_pos, SEEK_SET); + return 0; } static int dhav_read_header(AVFormatContext *s) -- 2.45.2