PR #22432 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22432 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22432.patch
Fixes: read of uninitialized memory Fixes: 490305404/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6406386140643328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From baa1330ded80779694691e41879b68dab1f33cb0 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Sat, 7 Mar 2026 12:22:35 +0100 Subject: [PATCH] avformat/aiffdec: Check avio_read() return Fixes: read of uninitialized memory Fixes: 490305404/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-6406386140643328 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/aiffdec.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c index ff47d8dc7b..d65d8466e0 100644 --- a/libavformat/aiffdec.c +++ b/libavformat/aiffdec.c @@ -369,8 +369,9 @@ static int aiff_read_header(AVFormatContext *s) uint8_t chunk[11]; ret = avio_read(pb, chunk, 11); - if (ret > 0) - size -= ret; + if (ret != 11) + return ret < 0 ? ret : AVERROR_INVALIDDATA; + size -= ret; if (!memcmp(chunk, "VADPCMCODES", sizeof(chunk))) { if ((ret = ff_get_extradata(s, st->codecpar, pb, size)) < 0) return ret; -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
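Review bot: `size -= ret;` after the new `if (ret != 11)` check still runs with no visible guarantee that `size` was at least 11 on entry, so a chunk that declares a smaller size would leave `size` negative when it is passed to `ff_get_extradata(s, st->codecpar, pb, size)`. If the surrounding code does not already enforce that, consider rejecting `size < 11` before the read. The length is also written as a literal 11 in both `avio_read(pb, chunk, 11)` and the new comparison while the `memcmp` uses `sizeof(chunk)`; using `sizeof(chunk)` in all three places keeps the buffer size and the checks from drifting apart. Note too that a short read now fails `aiff_read_header()` outright where it previously continued, which is worth stating in the commit message since it changes how truncated files are handled.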
