author | Andreas Cadhalpun <andreas.cadhalpun@googlemail.com> | 2017-01-01 20:27:50 +0100 |
---|---|---|
committer | Michael Niedermayer <michael@niedermayer.cc> | 2017-01-16 02:54:04 +0100 |
commit | 367cac7827870054ae3bd6d4517e7b13f4f3f72c (patch) | |
tree | b85e1b2a3d659dc512163be0c638be5ff49a97bf /libavformat/libopenmpt.c | |
parent | c2500d62c68a1e4c929cd5096f6617b56268d4e8 (diff) |
libopenmpt: add missing avio_read return value check
This fixes heap-buffer-overflows in libopenmpt caused by interpreting
the negative size value as unsigned size_t.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Jörn Heusipp <osmanx@problemloesungsmaschine.de>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
Diffstat (limited to 'libavformat/libopenmpt.c')
-rw-r--r-- | libavformat/libopenmpt.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavformat/libopenmpt.c b/libavformat/libopenmpt.c
index e7091ef9fc..35fd28f5f4 100644
--- a/libavformat/libopenmpt.c
+++ b/libavformat/libopenmpt.c
@@ -82,6 +82,11 @@ static int read_header_openmpt(AVFormatContext *s)
 if (!buf)
 return AVERROR(ENOMEM);
 size = avio_read(s->pb, buf, size);
+ if (size < 0) {
+ av_log(s, AV_LOG_ERROR, "Reading input buffer failed.\n");
+ av_freep(&buf);
+ return size;
+ }
 openmpt->module = openmpt_module_create_from_memory(buf, size, openmpt_logfunc, s, NULL);
 av_freep(&buf); |
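Review bot: A partial read still passes the new `if (size < 0)` check, since avio_read() can return fewer bytes than requested and the shortened buffer is handed to openmpt_module_create_from_memory() without any log line. That looks memory-safe as written, because the returned count rather than the requested one is passed on, but a truncated module is then parsed silently; if that is not intended, the requested length would have to be kept in a separate variable and compared, as `size` is overwritten by the read. A short comment above the check, such as `/* a negative size would be converted to a huge size_t by libopenmpt */`, would record why it has to precede the call. read_header_openmpt starts and ends outside the hunk, so the declared type of `size` and any earlier bound on it are not visible here.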