From 28c1a8ebcadec6ba168664b5ece9e09159feb255 Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Sun, 8 Jun 2025 01:07:02 +0200
Subject: [PATCH 3/3] avformat/dhav: Check reading data

Prevents potential use of uninitialized data.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/dhav.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/libavformat/dhav.c b/libavformat/dhav.c
index ffd6d66359..9bdb23322d 100644
--- a/libavformat/dhav.c
+++ b/libavformat/dhav.c
@@ -261,13 +261,12 @@ static int64_t get_duration(AVFormatContext *s)
 
     end_buffer_size = FFMIN(MAX_DURATION_BUFFER_SIZE, size);
     end_buffer = av_malloc(end_buffer_size);
-    if (!end_buffer) {
-        avio_seek(s->pb, start_pos, SEEK_SET);
-        return 0;
-    }
+    if (!end_buffer)
+        goto fail;
     end_buffer_pos = size - end_buffer_size;
     avio_seek(s->pb, end_buffer_pos, SEEK_SET);
-    avio_read(s->pb, end_buffer, end_buffer_size);
+    if (ffio_read_size(s->pb, end_buffer, end_buffer_size) < 0)
+        goto fail;
 
     offset = end_buffer_size - 8;
     while (offset > 0) {
@@ -280,11 +279,8 @@ static int64_t get_duration(AVFormatContext *s)
         }
     }
 
-    if (end_pos < 0 || end_pos + 16 > end_buffer_pos + end_buffer_size) {
-        av_freep(&end_buffer);
-        avio_seek(s->pb, start_pos, SEEK_SET);
-        return 0;
-    }
+    if (end_pos < 0 || end_pos + 16 > end_buffer_pos + end_buffer_size)
+        goto fail;
 
     date = AV_RL32(end_buffer + (end_pos - end_buffer_pos) + 16);
     get_timeinfo(date, &timeinfo);
@@ -295,6 +291,10 @@ static int64_t get_duration(AVFormatContext *s)
     avio_seek(s->pb, start_pos, SEEK_SET);
 
     return end - start;
+fail:
+    av_freep(&end_buffer);
+    avio_seek(s->pb, start_pos, SEEK_SET);
+    return 0;
 }
 
 static int dhav_read_header(AVFormatContext *s)
-- 
2.45.2