[FFmpeg-devel] [PR] avformat/wtvdec: Check that language is fully read (PR #22254)

Sun, 22 Feb 2026 08:06:21 -0800 

PR #22254 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22254
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22254.patch

Fixes: use-of-uninitialized-value
Fixes: 
483856523/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5221422609006592

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>


>From ad28d78639c4cbbb7f4975977e777206896e4e9e Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <[email protected]>
Date: Sun, 22 Feb 2026 13:47:23 +0100
Subject: [PATCH] avformat/wtvdec: Check that language is fully read

Fixes: use-of-uninitialized-value
Fixes: 
483856523/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-5221422609006592

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavformat/wtvdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c
index 1f299510c9..50d019a03f 100644
--- a/libavformat/wtvdec.c
+++ b/libavformat/wtvdec.c
@@ -881,7 +881,8 @@ static int parse_chunks(AVFormatContext *s, int mode, 
int64_t seekts, int *len_p
                 AVStream *st = s->streams[stream_index];
                 uint8_t language[4];
                 avio_skip(pb, 12);
-                avio_read(pb, language, 3);
+                if (avio_read(pb, language, 3) != 3)
+                    return AVERROR_INVALIDDATA;
                 if (language[0]) {
                     language[3] = 0;
                     av_dict_set(&st->metadata, "language", language, 0);
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to