uninitialized memory read when opening FLV

Started by ajschult, November 28, 2012, 04:04:00 AM


ajschult

When opening http://rheneas.eng.buffalo.edu/~andrew/fatkid.flv with avidemux, valgrind sees an uninitialized memory read in flvHeader::open.  The while loop tries to check that 15 more bytes exist to be read but |pos| is the position of the file at the beginning of the previous iteration (before the previous tag was read).  The result is that |size| is uninitialized but seems to be 0 (probably depends on compiler, or on how forgiving fread is).


-  while(pos<fileSize-14)
+  while((pos=ftell(_fd)) <fileSize-14)
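Review bot: the new loop condition fixes the stale `pos`, but it still bounds only the 15-byte header; a tag whose 3-byte size field exceeds what is left in the file passes this test and the body read runs past the end, so the check the post mentions, `pos+15+size <= fileSize`, should go in with this change before the body is read. `ftell` also returns -1 on failure, and assigning that into `pos` and comparing it against `fileSize-14` would let the loop continue from a bogus position, so the return value needs to be checked before it is used.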


seems to fix it (and delete the |pos=ftell(_fd)| below)

Bogus headers could result in additional problems; if the file has only 15 bytes left and |type| is valid and |size>0|, then the code will attempt to continue reading the rest of the non-existent tag.  The code could check that pos+15+size <= fileSize.
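A bounds-checked tag walker of the kind the post asks for, written as an added example (it is not avidemux's flvHeader::open). It assumes the standard FLV layout of a 9-byte file header followed by repeated 4-byte PreviousTagSize + 11-byte tag header + body, and uses a constructed 48-byte sample file; the position is recomputed on every iteration and the body is checked against the file size before it is consumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 48-byte FLV file: 9-byte header, then two complete tags
   (each preceded by a 4-byte PreviousTagSize) and a trailing PreviousTagSize. */
static const uint8_t kSample[] = {
    'F','L','V', 1, 5, 0,0,0,9,              /* file header */
    0,0,0,0,                                 /* PreviousTagSize0 */
    18, 0,0,3, 0,0,0, 0, 0,0,0,              /* script tag header, DataSize=3 */
    0xAA,0xBB,0xCC,                          /* tag body */
    0,0,0,14,                                /* PreviousTagSize = 11 + 3 */
    9, 0,0,2, 0,0,0, 0, 0,0,0,               /* video tag header, DataSize=2 */
    0x17,0x00,                               /* tag body */
    0,0,0,13                                 /* PreviousTagSize = 11 + 2 */
};

static uint32_t be24(const uint8_t *p) {
    return ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
}

/* Walk the tag list. Returns the number of complete tags, or -1 when a tag
   header is bogus or its body runs past the end of the file. `pos` always
   refers to the tag about to be read, not the one read last iteration. */
int flv_count_tags(const uint8_t *buf, size_t fileSize) {
    if (fileSize < 9 || buf[0] != 'F' || buf[1] != 'L' || buf[2] != 'V')
        return -1;
    size_t pos = 9;
    int count = 0;
    /* pos + 15 <= fileSize is the same test as pos < fileSize - 14 but
       cannot underflow when fileSize is small. */
    while (pos + 15 <= fileSize) {
        const uint8_t *tag = buf + pos + 4;        /* skip PreviousTagSize */
        uint8_t  type = tag[0];
        uint32_t size = be24(tag + 1);
        if (type != 8 && type != 9 && type != 18)  /* audio, video, script */
            return -1;
        /* The extra check from the post: header plus body must fit. */
        if (pos + 15 + (size_t)size > fileSize)
            return -1;
        pos += 15 + size;
        count++;
    }
    return count;
}

int main(void) {
    printf("complete file: %d tags\n", flv_count_tags(kSample, sizeof kSample));
    printf("header present, body missing: %d\n", flv_count_tags(kSample, 42));
    return 0;
}
```

Passing 42 as the file size leaves exactly 15 bytes for the second tag's header with its 2-byte body missing, which is the case the post describes, and the walker rejects it instead of reading on.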

mean