Change #263337
| Category | ffmpeg |
| Changed by | Sankalpa Sarkar <sankalpasarkar68@gmail.com> |
| Changed at | Thu 02 Apr 2026 21:06:59 |
| Repository | https://git.ffmpeg.org/ffmpeg.git |
| Project | ffmpeg |
| Branch | master |
| Revision | 65eed0732cadc42b3689788f175d921974f9c074 |
Comments
avformat: check avio_read() return values in dss/dtshd/mlv Multiple demuxers call avio_read() without checking its return value. When input is truncated, destination buffers remain uninitialized but are still used for offset calculations, memcmp, and metadata handling. This results in undefined behavior (detectable with Valgrind/MSan). Fix this by checking the return value of avio_read() in: - dss.c: dss_read_seek() — check before using header buffer - dtshddec.c: FILEINFO chunk — check before using value buffer - mlvdec.c: check_file_header() — check before memcmp on version Fixes: #21520
Changed files
- libavformat/dss.c
- libavformat/dtshddec.c
- libavformat/mlvdec.c