avformat/argo_brp: Check that ASF chunk header is completely read

Fixes: Use of uninitialized value Fixes: 71280/clusterfuzz-testcase-minimized-ffmpeg_dem_ARGO_BRP_fuzzer-4692991866896384 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
5 months ago · 815d008681
parent 46e3bc2ebd
commit 815d008681
1 changed files with 2 additions and 2 deletions
--- a/libavformat/argo_brp.c
+++ b/libavformat/argo_brp.c
@ -380,8 +380,8 @@ static int argo_brp_read_packet(AVFormatContext *s, AVPacket *pkt)
        if (blk.size < ASF_CHUNK_HEADER_SIZE)
            return AVERROR_INVALIDDATA;

-        if ((ret = avio_read(s->pb, buf, ASF_CHUNK_HEADER_SIZE)) < 0)
-            return ret;
+        if (avio_read(s->pb, buf, ASF_CHUNK_HEADER_SIZE) != ASF_CHUNK_HEADER_SIZE)
+            return AVERROR_INVALIDDATA;

        ff_argo_asf_parse_chunk_header(&ckhdr, buf);