From 7b7338a38fcafeba579f425b1a83aa5102f1a7bc Mon Sep 17 00:00:00 2001
From: Cheng Zhao
Date: Thu, 16 Jul 2020 12:58:39 +0900
Subject: [PATCH] chore: cherry-pick fix from chromium issue 1065731
---
 patches/config.json | 4 +++-
 patches/ffmpeg/.patches | 1 +
 patches/ffmpeg/backport_1065731.patch | 30 +++++++++++++++++++++++++++
 3 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 patches/ffmpeg/.patches
 create mode 100644 patches/ffmpeg/backport_1065731.patch
diff --git a/patches/config.json b/patches/config.json
index de76ab80ca14d..4ecb4b4c5e7fb 100644
--- a/patches/config.json
+++ b/patches/config.json
@@ -19,5 +19,7 @@ "src/electron/patches/usrsctp": "src/third_party/usrsctp/usrsctplib", - "src/electron/patches/pdfium": "src/third_party/pdfium" + "src/electron/patches/pdfium": "src/third_party/pdfium", + + "src/electron/patches/ffmpeg": "src/third_party/ffmpeg" }
diff --git a/patches/ffmpeg/.patches b/patches/ffmpeg/.patches
new file mode 100644
index 0000000000000..1441ee68bacc0
--- /dev/null
+++ b/patches/ffmpeg/.patches
@@ -0,0 +1 @@
+backport_1065731.patch
diff --git a/patches/ffmpeg/backport_1065731.patch b/patches/ffmpeg/backport_1065731.patch
new file mode 100644
index 0000000000000..08da3309c17a0
--- /dev/null
+++ b/patches/ffmpeg/backport_1065731.patch
@@ -0,0 +1,30 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Cheng Zhao
+Date: Thu, 4 Oct 2018 14:57:02 -0700
+Subject: fix: check return value from avio_read()
+
+[1065731] [Medium]: audio_decoder_fuzzer: Use-of-uninitialized-value in amr_read_header
+Backport https://chromium.googlesource.com/chromium/third_party/ffmpeg.git/+/5b967f56b6d85f62446836fc8ef64d0dcfcbda17
+
+diff --git a/libavformat/amr.c b/libavformat/amr.c
+index 42840a50a300ff23d6ddfa56a1410770f0fdbd59..a963eb3ded78671e48d5bc36397c39281f431d21 100644
+--- a/libavformat/amr.c
++++ b/libavformat/amr.c
+@@ -90,13 +90,15 @@ static int amr_read_header(AVFormatContext *s)
+ AVStream *st;
+ uint8_t header[9];
+
+- avio_read(pb, header, 6);
++ if (avio_read(pb, header, 6) != 6)
++ return AVERROR_INVALIDDATA;
+
+ st = avformat_new_stream(s, NULL);
+ if (!st)
+ return AVERROR(ENOMEM);
+ if (memcmp(header, AMR_header, 6)) {
+- avio_read(pb, header + 6, 3);
++ if (avio_read(pb, header + 6, 3) != 3)
++ return AVERROR_INVALIDDATA;
+ if (memcmp(header, AMRWB_header, 9)) {
+ return -1;
+ }
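Review bot: Both new guards in amr_read_header return AVERROR_INVALIDDATA for any result other than the full count, so a negative return from avio_read() (an I/O error or end of file) is reported to the caller as corrupt data and the original cause is lost. The guards do close the reported uninitialized read, since `header` now reaches `memcmp` only when the requested bytes were actually filled, and they presumably mirror the upstream commit named in the patch header, so keeping the backport byte-identical is a fair choice. If diverging from upstream is acceptable, keep the result and pass real errors through, e.g. `ret = avio_read(pb, header, 6);` followed by `if (ret != 6) return ret < 0 ? ret : AVERROR_INVALIDDATA;`, and the same for the 3-byte read. The function body starts and ends outside the hunk, so whether an `int ret` is already declared there cannot be seen from here.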