From e72f5abbc62d1ce1dc9cd689c1d8a49ead757c5a Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Thu, 19 Dec 2013 03:50:05 +0100
Subject: avformat/swfdec: check avio_read() return code

Fixes use of uninitialized memory
Fixes part of msan_uninit-mem_7f055dd0ab1b_9558_videopop_guitar_300k.swf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/swfdec.c | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

(limited to 'libavformat/swfdec.c')

diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c
index c77e28f0c9..c36c024168 100644
--- a/libavformat/swfdec.c
+++ b/libavformat/swfdec.c
@@ -455,10 +455,20 @@ bitmap_end_skip:
                 /* old SWF files containing SOI/EOI as data start */
                 /* files created by swink have reversed tag */
                 pkt->size -= 4;
-                avio_read(pb, pkt->data, pkt->size);
+                res = avio_read(pb, pkt->data, pkt->size);
             } else {
-                avio_read(pb, pkt->data + 4, pkt->size - 4);
+                res = avio_read(pb, pkt->data + 4, pkt->size - 4);
+                if (res >= 0)
+                    res += 4;
             }
+            if (res != pkt->size) {
+                if (res < 0) {
+                    av_free_packet(pkt);
+                    return res;
+                }
+                av_shrink_packet(pkt, res);
+            }
+
             pkt->pos = pos;
             pkt->stream_index = st->index;
             return pkt->size;
-- 
cgit v1.2.3