From 8279d02cf1998ec324b7624dc41ed15dc2b01cae Mon Sep 17 00:00:00 2001
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Date: Mon, 28 Apr 2025 11:25:26 +0200
Subject: [PATCH] avformat/apvdec: Check before access

The signature check would segfault in case the packet could not
be allocated or if nothing could be read.
Furthermore, read_packet callbacks are supposed to return zero
on success, yet the current code returned the size of the packet.

Reviewed-by: Mark Thompson <sw@jkqxz.net>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/apvdec.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavformat/apvdec.c b/libavformat/apvdec.c
index 9f94a901ec..300ee77316 100644
--- a/libavformat/apvdec.c
+++ b/libavformat/apvdec.c
@@ -225,7 +225,9 @@ static int apv_read_packet(AVFormatContext *s, AVPacket *pkt)
     }
 
     ret = av_get_packet(s->pb, pkt, au_size);
-    pkt->flags        = AV_PKT_FLAG_KEY;
+    if (ret < 0)
+        return ret;
+    pkt->flags = AV_PKT_FLAG_KEY;
 
     signature = AV_RB32(pkt->data);
     if (signature != APV_SIGNATURE) {
@@ -233,7 +235,7 @@ static int apv_read_packet(AVFormatContext *s, AVPacket *pkt)
         return AVERROR_INVALIDDATA;
     }
 
-    return ret;
+    return 0;
 }
 
 const FFInputFormat ff_apv_demuxer = {