From fc1fe453a246cb8e188bbc226b48b339d5f81580 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Thu, 4 Jul 2024 00:04:32 +0100 Subject: [PATCH] Credit to OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=68210 Use readOrThrow() to detect premature EOF. --- src/asfvideo.cpp | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/asfvideo.cpp b/src/asfvideo.cpp index f52d39eb6a..5016ffdb8c 100644 --- a/src/asfvideo.cpp +++ b/src/asfvideo.cpp @@ -235,7 +235,7 @@ void AsfVideo::readMetadata() { AsfVideo::HeaderReader::HeaderReader(const BasicIo::UniquePtr& io) : IdBuf_(GUID) { if (io->size() >= io->tell() + GUID + QWORD) { - IdBuf_ = io->read(GUID); + io->readOrThrow(IdBuf_.data(), IdBuf_.size(), Exiv2::ErrorCode::kerCorruptedMetadata); size_ = readQWORDTag(io); if (size_ >= GUID + QWORD) @@ -291,7 +291,7 @@ void AsfVideo::decodeBlock() { void AsfVideo::decodeHeader() { DataBuf nbHeadersBuf(DWORD + 1); - io_->read(nbHeadersBuf.data(), DWORD); + io_->readOrThrow(nbHeadersBuf.data(), DWORD, Exiv2::ErrorCode::kerCorruptedMetadata); uint32_t nb_headers = Exiv2::getULong(nbHeadersBuf.data(), littleEndian); Internal::enforce(nb_headers < std::numeric_limits::max(), Exiv2::ErrorCode::kerCorruptedMetadata); @@ -353,7 +353,8 @@ void AsfVideo::DegradableJPEGMedia() { } void AsfVideo::streamProperties() { - DataBuf streamTypedBuf = io_->read(GUID); + DataBuf streamTypedBuf(GUID); + io_->readOrThrow(streamTypedBuf.data(), streamTypedBuf.size(), Exiv2::ErrorCode::kerCorruptedMetadata); enum class streamTypeInfo { Audio = 1, Video = 2 }; auto stream = static_cast(0); @@ -471,7 +472,8 @@ void AsfVideo::contentDescription() { } // AsfVideo::extendedContentDescription void AsfVideo::fileProperties() { - DataBuf FileIddBuf = io_->read(GUID); + DataBuf FileIddBuf(GUID); + io_->readOrThrow(FileIddBuf.data(), FileIddBuf.size(), Exiv2::ErrorCode::kerCorruptedMetadata); xmpData()["Xmp.video.FileID"] = GUIDTag(FileIddBuf.data()).to_string(); xmpData()["Xmp.video.FileLength"] = readQWORDTag(io_); xmpData()["Xmp.video.CreationDate"] = readQWORDTag(io_);