From 161dee43213dafee0f7d969320fc4bc5318ba68d Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 17 Apr 2013 01:31:53 +0200 Subject: [PATCH] rmdec: dont return uninitialized data Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavformat/rmdec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 478b35bce0..13d1d25758 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -662,6 +662,7 @@ static int rm_assemble_video_frame(AVFormatContext *s, AVIOContext *pb, int hdr; int seq = 0, pic_num = 0, len2 = 0, pos = 0; //init to silcense compiler warning int type; + int ret; hdr = avio_r8(pb); len--; type = hdr >> 6; @@ -690,7 +691,10 @@ static int rm_assemble_video_frame(AVFormatContext *s, AVIOContext *pb, pkt->data[0] = 0; AV_WL32(pkt->data + 1, 1); AV_WL32(pkt->data + 5, 0); - avio_read(pb, pkt->data + 9, len); + if ((ret = avio_read(pb, pkt->data + 9, len)) != len) { + av_free_packet(pkt); + return ret < 0 ? ret : AVERROR(EIO); + } return 0; } //now we have to deal with single slice @@ -706,6 +710,7 @@ static int rm_assemble_video_frame(AVFormatContext *s, AVIOContext *pb, av_free_packet(&vst->pkt); //FIXME this should be output. if(av_new_packet(&vst->pkt, vst->videobufsize) < 0) return AVERROR(ENOMEM); + memset(vst->pkt.data, 0, vst->pkt.size); vst->videobufpos = 8*vst->slices + 1; vst->cur_slice = 0; vst->curpic_num = pic_num;