avformat/http: Return an error in case of prematurely ending data

Fixes Ticket 4039

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Gbp-Pq: Name CVE-2016-10190-pre1-3668701f.patch

diff --git a/libavformat/http.c b/libavformat/http.c
index 06ab599f8c306496b8999ae42ec02736ad9b5080..6755583d2b0b90c28352b8ed2a8ced4cc7f9db5b 100644 (file)
--- a/libavformat/http.c
+++ b/libavformat/http.c
@@ -707,6 +707,14 @@ static int http_buf_read(URLContext *h, uint8_t *buf, int size)
             s->filesize >= 0 && s->off >= s->filesize)
             return AVERROR_EOF;
         len = ffurl_read(s->hd, buf, size);
+        if (!len && (!s->willclose || s->chunksize < 0) &&
+            s->filesize >= 0 && s->off < s->filesize) {
+            av_log(h, AV_LOG_ERROR,
+                   "Streams ends prematurly at %"PRId64", should be %"PRId64"\n",
+                   s->off, s->filesize
+                  );
+            return AVERROR(EIO);
+        }
     }
     if (len > 0) {
         s->off += len;