[FFmpeg-cvslog] lavf/id3v2: fail read_apic on EOF reading mimetype
ffmpeg | branch: release/3.4 | chcunningham | Fri
Dec 14 13:44:07 2018 -0800| [96062eb3cc82134921f12da02c2842fa21208742] |
committer: Michael Niedermayer
lavf/id3v2: fail read_apic on EOF reading mimetype
avio_read may return EOF, leaving the mimetype array unitialized. fail
early when this occurs to avoid using the array in an unitialized state.
Reviewed-by: Tomas Härdin
Signed-off-by: Michael Niedermayer
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=96062eb3cc82134921f12da02c2842fa21208742
---
libavformat/id3v2.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index 6c216ba7a2..ac39b03af4 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -589,7 +589,7 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb,
int taglen,
int isv34)
{
int enc, pic_type;
-char mimetype[64];
+char mimetype[64] = {0};
const CodecMime *mime = ff_id3v2_mime_tags;
enum AVCodecID id = AV_CODEC_ID_NONE;
ID3v2ExtraMetaAPIC *apic = NULL;
@@ -611,7 +611,9 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb,
int taglen,
if (isv34) {
taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
} else {
-avio_read(pb, mimetype, 3);
+if (avio_read(pb, mimetype, 3) < 0)
+goto fail;
+
mimetype[3] = 0;
taglen-= 3;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
To unsubscribe, visit link above, or email
ffmpeg-cvslog-requ...@ffmpeg.org with subject "unsubscribe".
[FFmpeg-cvslog] lavf/id3v2: fail read_apic on EOF reading mimetype
ffmpeg | branch: release/4.0 | chcunningham | Fri
Dec 14 13:44:07 2018 -0800| [e02f55a3c5c3761ddcbd326c62bdf571bb2be0b4] |
committer: Michael Niedermayer
lavf/id3v2: fail read_apic on EOF reading mimetype
avio_read may return EOF, leaving the mimetype array unitialized. fail
early when this occurs to avoid using the array in an unitialized state.
Reviewed-by: Tomas Härdin
Signed-off-by: Michael Niedermayer
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e02f55a3c5c3761ddcbd326c62bdf571bb2be0b4
---
libavformat/id3v2.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index f7de26a1d8..5fe055b591 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -590,7 +590,7 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb,
int taglen,
int isv34)
{
int enc, pic_type;
-char mimetype[64];
+char mimetype[64] = {0};
const CodecMime *mime = ff_id3v2_mime_tags;
enum AVCodecID id = AV_CODEC_ID_NONE;
ID3v2ExtraMetaAPIC *apic = NULL;
@@ -612,7 +612,9 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb,
int taglen,
if (isv34) {
taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
} else {
-avio_read(pb, mimetype, 3);
+if (avio_read(pb, mimetype, 3) < 0)
+goto fail;
+
mimetype[3] = 0;
taglen-= 3;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavf/id3v2: fail read_apic on EOF reading mimetype
ffmpeg | branch: release/3.2 | chcunningham | Fri
Dec 14 13:44:07 2018 -0800| [490a5253ca898bc6c9d58571cd2c8bed7f053a68] |
committer: Michael Niedermayer
lavf/id3v2: fail read_apic on EOF reading mimetype
avio_read may return EOF, leaving the mimetype array unitialized. fail
early when this occurs to avoid using the array in an unitialized state.
Reviewed-by: Tomas Härdin
Signed-off-by: Michael Niedermayer
(cherry picked from commit ee1e39a576977fd38c3b94fc56125d31d38833e9)
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=490a5253ca898bc6c9d58571cd2c8bed7f053a68
---
libavformat/id3v2.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index 85a31f77f2..afed5b0468 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -589,7 +589,7 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb,
int taglen,
int isv34)
{
int enc, pic_type;
-char mimetype[64];
+char mimetype[64] = {0};
const CodecMime *mime = ff_id3v2_mime_tags;
enum AVCodecID id = AV_CODEC_ID_NONE;
ID3v2ExtraMetaAPIC *apic = NULL;
@@ -611,7 +611,9 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb,
int taglen,
if (isv34) {
taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
} else {
-avio_read(pb, mimetype, 3);
+if (avio_read(pb, mimetype, 3) < 0)
+goto fail;
+
mimetype[3] = 0;
taglen-= 3;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] lavf/id3v2: fail read_apic on EOF reading mimetype
ffmpeg | branch: master | chcunningham | Fri Dec 14
13:44:07 2018 -0800| [ee1e39a576977fd38c3b94fc56125d31d38833e9] | committer:
Michael Niedermayer
lavf/id3v2: fail read_apic on EOF reading mimetype
avio_read may return EOF, leaving the mimetype array unitialized. fail
early when this occurs to avoid using the array in an unitialized state.
Reviewed-by: Tomas Härdin
Signed-off-by: Michael Niedermayer
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ee1e39a576977fd38c3b94fc56125d31d38833e9
---
libavformat/id3v2.c | 6 --
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index bb5c3f8119..b43ab1745f 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -591,7 +591,7 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb,
int taglen,
int isv34)
{
int enc, pic_type;
-char mimetype[64];
+char mimetype[64] = {0};
const CodecMime *mime = ff_id3v2_mime_tags;
enum AVCodecID id = AV_CODEC_ID_NONE;
ID3v2ExtraMetaAPIC *apic = NULL;
@@ -613,7 +613,9 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb,
int taglen,
if (isv34) {
taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
} else {
-avio_read(pb, mimetype, 3);
+if (avio_read(pb, mimetype, 3) < 0)
+goto fail;
+
mimetype[3] = 0;
taglen-= 3;
}
___
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
