On Mon, Aug 04, 2025 at 07:54:41PM -0300, James Almer wrote: > The check to return on EOF should not be inside a block that will not be entered after reaching EOF. > Should fix "libavcodec/bytestream.h:144:27: runtime error: applying zero offset to null pointer". > > Signed-off-by: James Almer > --- > libavformat/iff.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/libavformat/iff.c b/libavformat/iff.c > index 4ff10beb38..44ba5a9023 100644 > --- a/libavformat/iff.c > +++ b/libavformat/iff.c > @@ -969,9 +969,6 @@ static int iff_read_packet(AVFormatContext *s, > uint32_t chunk_id, chunk_id2; > > while (!avio_feof(pb)) { > - if (avio_feof(pb)) > - return AVERROR_EOF; > - > orig_pos = avio_tell(pb); > chunk_id = avio_rl32(pb); > data_size = avio_rb32(pb); > @@ -988,6 +985,9 @@ static int iff_read_packet(AVFormatContext *s, > avio_skip(pb, data_size); > } > } > + if (pb->eof_reached) > + return AVERROR_EOF; > + > ret = av_get_packet(pb, pkt, data_size); > pkt->stream_index = iff->video_stream_index; > pkt->pos = orig_pos; Please apply. If this doesn't fix the UBSAN runtime error, I propose to add a data_size sanity check immediately before av_get_packet: if (!data_size) return AVERROR_INVALIDDATA; It seems some IFF ANIM files have lots of zeros around EOF, including the file in fate samples. -- Peter (A907 E02F A6E5 0CD2 34CD 20D2 6760 79C5 AC40 DD6B)
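
Review bot: in the second hunk, the check added after the loop tests pb->eof_reached directly, while the loop itself exits on avio_feof(pb). Using the same predicate in both places, or adding a one-line comment on why the raw field is read here, would make it clear that the two conditions cannot disagree. The added check also covers only EOF: data_size as read by avio_rb32(pb) still reaches av_get_packet(pb, pkt, data_size) unvalidated, so the zero-size case raised in the reply above is not addressed by this hunk. In the visible lines, pkt->stream_index and pkt->pos are written immediately after the call, with no test of ret in between. If ret is not checked further down, an "if (ret < 0) return ret;" before those assignments would be worth adding.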