[Backport] cerry-pick fix for uninitialized memory in flac

BUG=686387

Original description:
avformat/flacdec: Check avio_read result when reading flac block header.

Return AVERROR_INVALIDDATA if all four bytes aren't present.

Change-Id: I049dc485d3ebf9bcfd12fa3494659e9737325d76
Reviewed-on: https://chromium-review.googlesource.com/434760
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

2 files changed, 6 insertions, 1 deletions

diff --git a/chromium/third_party/ffmpeg/chromium/patches/README b/chromium/third_party/ffmpeg/chromium/patches/README
index 46d2091a9fc..1ddd68c2084 100644
--- a/chromium/third_party/ffmpeg/chromium/patches/README
+++ b/chromium/third_party/ffmpeg/chromium/patches/README
@@ -10,6 +10,10 @@ Autorename:
     by generate_gyp.py. https://chromium-review.googlesource.com/#/c/274543/
 
 Current patches:
+  Changes to libavformat/flacdec.c crbug.com/686387
+    95bde49982a82bc10470c0adab5969ffe635d064  Check avio_read result when reading
+                                              flac block header. (upstreamed)
+
   .gitignore has a "Chromium stuff" section.
 
   Remove add_cflags "-mips64" from configure
diff --git a/chromium/third_party/ffmpeg/libavformat/flacdec.c b/chromium/third_party/ffmpeg/libavformat/flacdec.c
index eb92216c45e..b2b60e6f9c1 100644
--- a/chromium/third_party/ffmpeg/libavformat/flacdec.c
+++ b/chromium/third_party/ffmpeg/libavformat/flacdec.c
@@ -65,7 +65,8 @@ static int flac_read_header(AVFormatContext *s)
 
     /* process metadata blocks */
     while (!avio_feof(s->pb) && !metadata_last) {
-        avio_read(s->pb, header, 4);
+        if (avio_read(s->pb, header, 4) != 4)
+            return AVERROR(AVERROR_INVALIDDATA);
         flac_parse_block_header(header, &metadata_last, &metadata_type,
                                    &metadata_size);
         switch (metadata_type) {