falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

avformat/iss: check sscanf() return code 

Fixes use of uninitialized data
Fixes: msan_uninit-mem_7f883205ce82_15_0001010100.iss
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
tags/n2.2-rc1
Michael Niedermayer 12 years ago
parent
6da21c1f81
commit
5c3079aaa9
1 changed files with 12 additions and 3 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +12
    -3
      libavformat/iss.c

+ 12
- 3
libavformat/iss.c View File

@@ -76,14 +76,23 @@ static av_cold int iss_read_header(AVFormatContext *s)

get_token(pb, token, sizeof(token)); //"IMA_ADPCM_Sound"
get_token(pb, token, sizeof(token)); //packet size
sscanf(token, "%d", &iss->packet_size);
if (sscanf(token, "%d", &iss->packet_size) != 1) {
av_log(s, AV_LOG_ERROR, "Failed parsing packet size\n");
return AVERROR_INVALIDDATA;
}
get_token(pb, token, sizeof(token)); //File ID
get_token(pb, token, sizeof(token)); //out size
get_token(pb, token, sizeof(token)); //stereo
sscanf(token, "%d", &stereo);
if (sscanf(token, "%d", &stereo) != 1) {
av_log(s, AV_LOG_ERROR, "Failed parsing stereo flag\n");
return AVERROR_INVALIDDATA;
}
get_token(pb, token, sizeof(token)); //Unknown1
get_token(pb, token, sizeof(token)); //RateDivisor
sscanf(token, "%d", &rate_divisor);
if (sscanf(token, "%d", &rate_divisor) != 1) {
av_log(s, AV_LOG_ERROR, "Failed parsing rate_divisor\n");
return AVERROR_INVALIDDATA;
}
get_token(pb, token, sizeof(token)); //Unknown2
get_token(pb, token, sizeof(token)); //Version ID
get_token(pb, token, sizeof(token)); //Size


Write Preview
Loading…
Cancel
Save