avformat/swfdec: check avio_read() return code

Fixes use of uninitialized memory
Fixes part of msan_uninit-mem_7f055dd0ab1b_9558_videopop_guitar_300k.swf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c
index c77e28f0c9bbf6f9bd993ce751bd7820b447aa15..c36c024168e2aace529cef9149ada3f48ee1a687 100644 (file)
--- a/libavformat/swfdec.c
+++ b/libavformat/swfdec.c
@@ -455,10 +455,20 @@ bitmap_end_skip:
                 /* old SWF files containing SOI/EOI as data start */
                 /* files created by swink have reversed tag */
                 pkt->size -= 4;
-                avio_read(pb, pkt->data, pkt->size);
+                res = avio_read(pb, pkt->data, pkt->size);
             } else {
-                avio_read(pb, pkt->data + 4, pkt->size - 4);
+                res = avio_read(pb, pkt->data + 4, pkt->size - 4);
+                if (res >= 0)
+                    res += 4;
             }
+            if (res != pkt->size) {
+                if (res < 0) {
+                    av_free_packet(pkt);
+                    return res;
+                }
+                av_shrink_packet(pkt, res);
+            }
+
             pkt->pos = pos;
             pkt->stream_index = st->index;
             return pkt->size;