This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit a19e69435b134fe3f11dec3ee97ee79fea156568 Author: Michael Niedermayer <[email protected]> AuthorDate: Sun Jun 21 17:51:54 2026 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 21 17:59:33 2026 +0200 avformat/flac_picture: Correct check The avio_read() return value was compared against an unsigned trunclen, so a negative error return was promoted to a large unsigned value and the error was missed, leaving data->data partially uninitialized. Use ffio_read_size() which fails on short/error reads. (cherry picked from commit 4aed9db83c... adapted to 4.4) Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/flac_picture.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavformat/flac_picture.c b/libavformat/flac_picture.c index f15cfa877a..be24cb4343 100644 --- a/libavformat/flac_picture.c +++ b/libavformat/flac_picture.c @@ -23,6 +23,7 @@ #include "libavcodec/bytestream.h" #include "libavcodec/png.h" #include "avformat.h" +#include "avio_internal.h" #include "flac_picture.h" #include "id3v2.h" #include "internal.h" @@ -152,8 +153,9 @@ int ff_flac_parse_picture(AVFormatContext *s, uint8_t *buf, int buf_size, int tr // If truncation was detected copy all data from block and read missing bytes // not included in the block size bytestream2_get_bufferu(&g, data->data, left); - if (avio_read(s->pb, data->data + len - trunclen, trunclen) < trunclen) - RETURN_ERROR(AVERROR_INVALIDDATA); + ret = ffio_read_size(s->pb, data->data + len - trunclen, trunclen); + if (ret < 0) + goto fail; } memset(data->data + len, 0, AV_INPUT_BUFFER_PADDING_SIZE); _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
