lavf/id3v2: fail read_apic on EOF reading mimetype

avio_read may return EOF, leaving the mimetype array unitialized. fail early when this occurs to avoid using the array in an unitialized state. Reviewed-by: Tomas Härdin <tjoppen@acc.umu.se> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: chcunningham <chcunningham@chromium.org> 2018-12-14 13:44:07 -0800
committer: Michael Niedermayer <michael@niedermayer.cc> 2018-12-17 18:30:10 +0100
commit: ee1e39a576977fd38c3b94fc56125d31d38833e9 (patch)
tree: 8ba556997caa78a6c670d044d0cf52a51beedcb4
parent: 826655d8d11749f521f517a8091eccbf2d516c34 (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
index bb5c3f8119..b43ab1745f 100644
--- a/libavformat/id3v2.c
+++ b/libavformat/id3v2.c
@@ -591,7 +591,7 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen,
                       int isv34)
 {
     int enc, pic_type;
-    char mimetype[64];
+    char mimetype[64] = {0};
     const CodecMime *mime     = ff_id3v2_mime_tags;
     enum AVCodecID id         = AV_CODEC_ID_NONE;
     ID3v2ExtraMetaAPIC *apic  = NULL;
@@ -613,7 +613,9 @@ static void read_apic(AVFormatContext *s, AVIOContext *pb, int taglen,
     if (isv34) {
         taglen -= avio_get_str(pb, taglen, mimetype, sizeof(mimetype));
     } else {
-        avio_read(pb, mimetype, 3);
+        if (avio_read(pb, mimetype, 3) < 0)
+            goto fail;
+
         mimetype[3] = 0;
         taglen    -= 3;
     }
author	chcunningham <chcunningham@chromium.org>	2018-12-14 13:44:07 -0800
committer	Michael Niedermayer <michael@niedermayer.cc>	2018-12-17 18:30:10 +0100
commit	ee1e39a576977fd38c3b94fc56125d31d38833e9 (patch)
tree	8ba556997caa78a6c670d044d0cf52a51beedcb4
parent	826655d8d11749f521f517a8091eccbf2d516c34 (diff)