This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new ba0f8083fd avformat/aiffdec: Check for partial read
ba0f8083fd is described below
commit ba0f8083fd630480df873a2bead96e5b2e211dc7
Author: Michael Niedermayer <[email protected]>
AuthorDate: Sat Mar 7 12:22:35 2026 +0100
Commit: michaelni <[email protected]>
CommitDate: Wed Mar 11 20:06:26 2026 +0000
avformat/aiffdec: Check for partial read
Fixes: read of uninitialized memory
Fixes:
490305404/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6406386140643328
Found-by: continuous fuzzing process
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavformat/aiffdec.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index ff47d8dc7b..8ae577cb71 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -23,6 +23,7 @@
#include "libavutil/dict.h"
#include "libavutil/mem.h"
#include "avformat.h"
+#include "avio_internal.h"
#include "demux.h"
#include "internal.h"
#include "pcm.h"
@@ -368,9 +369,10 @@ static int aiff_read_header(AVFormatContext *s)
if (len == 11 && size > 11) {
uint8_t chunk[11];
- ret = avio_read(pb, chunk, 11);
- if (ret > 0)
- size -= ret;
+ ret = ffio_read_size(pb, chunk, 11);
+ if (ret < 0)
+ return ret;
+ size -= ret;
if (!memcmp(chunk, "VADPCMCODES", sizeof(chunk))) {
if ((ret = ff_get_extradata(s, st->codecpar, pb,
size)) < 0)
return ret;
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]
