highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nutdec: always check the get_str return value

Browse Source 
If it fails, the buffers can be (partially) uninitialized.

This fixes 'Conditional jump or move depends on uninitialised value(s)'
valgrind warnings.

Reviewed-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
This commit is contained in:
Andreas Cadhalpun
2015-05-22 22:58:55 +02:00
parent 1096c46c55
commit 0b79a389ba
1 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
libavformat/nutdec.c
View File

@@ -544,11 +544,15 @@ static int decode_info_header(NUTContext *nut)
if (value == -1) { if (value == -1) {
type = "UTF-8"; type = "UTF-8";
get_str(bc, str_value, sizeof(str_value)); ret = get_str(bc, str_value, sizeof(str_value));
} else if (value == -2) { } else if (value == -2) {
get_str(bc, type_str, sizeof(type_str)); ret = get_str(bc, type_str, sizeof(type_str));
if (ret < 0) {
av_log(s, AV_LOG_ERROR, "get_str failed while decoding info header\n");
return ret;
}
type = type_str; type = type_str;
get_str(bc, str_value, sizeof(str_value)); ret = get_str(bc, str_value, sizeof(str_value));
} else if (value == -3) { } else if (value == -3) {
type = "s"; type = "s";
value = get_s(bc); value = get_s(bc);
@@ -562,6 +566,11 @@ static int decode_info_header(NUTContext *nut)
type = "v"; type = "v";
} }
if (ret < 0) {
av_log(s, AV_LOG_ERROR, "get_str failed while decoding info header\n");
return ret;
}
if (stream_id_plus1 > s->nb_streams) { if (stream_id_plus1 > s->nb_streams) {
av_log(s, AV_LOG_ERROR, "invalid stream id for info packet\n"); av_log(s, AV_LOG_ERROR, "invalid stream id for info packet\n");
continue; continue;
@@ -875,13 +884,21 @@ static int read_sm_data(AVFormatContext *s, AVIOContext *bc, AVPacket *pkt, int
value = get_s(bc); value = get_s(bc);
if (value == -1) { if (value == -1) {
get_str(bc, str_value, sizeof(str_value)); ret = get_str(bc, str_value, sizeof(str_value));
if (ret < 0) {
av_log(s, AV_LOG_ERROR, "get_str failed while reading sm data\n");
return ret;
}
av_log(s, AV_LOG_WARNING, "Unknown string %s / %s\n", name, str_value); av_log(s, AV_LOG_WARNING, "Unknown string %s / %s\n", name, str_value);
} else if (value == -2) { } else if (value == -2) {
uint8_t *dst = NULL; uint8_t *dst = NULL;
int64_t v64, value_len; int64_t v64, value_len;
get_str(bc, type_str, sizeof(type_str)); ret = get_str(bc, type_str, sizeof(type_str));
if (ret < 0) {
av_log(s, AV_LOG_ERROR, "get_str failed while reading sm data\n");
return ret;
}
value_len = ffio_read_varlen(bc); value_len = ffio_read_varlen(bc);
if (avio_tell(bc) + value_len >= maxpos) if (avio_tell(bc) + value_len >= maxpos)
return AVERROR_INVALIDDATA; return AVERROR_INVALIDDATA;