[FFmpeg-devel,3/5] CodeAi generated fix for CWE 457 Uninitialized Variable

Message ID 1520376143-5925-4-git-send-email-benjamin.bales@assrc.us
State New

Commit Message

C0deAi March 6, 2018, 10:42 p.m. UTC
Prevent passing of uninitialized value 'buf[i]' as function
call argument on line 222.

Signed-off-by: C0deAi <benjamin.bales@assrc.us>
---
 libavutil/hash.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Nicolas George March 6, 2018, 11:37 p.m. UTC | #1
C0deAi (2018-03-06):
> Prevent passing of uninitialized value 'buf[i]' as function
> call argument on line 222.
> 
> Signed-off-by: C0deAi <benjamin.bales@assrc.us>
> ---
>  libavutil/hash.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Nack. buf[i] cannot be uninitialized at this point.

Also, the first line of commit message should be "lavu/hash: fix...".

The same comment about commit messages applies to the other patches. I
suspect some of them fix nothing too, but I do not have time to check
right now.

Regards,

Patch

diff --git a/libavutil/hash.c b/libavutil/hash.c
index 75edb6d..593176c 100644
--- a/libavutil/hash.c
+++ b/libavutil/hash.c
@@ -214,7 +214,7 @@  void av_hash_final_bin(struct AVHashContext *ctx, uint8_t *dst, int size)
 
 void av_hash_final_hex(struct AVHashContext *ctx, uint8_t *dst, int size)
 {
-    uint8_t buf[AV_HASH_MAX_SIZE];
+    uint8_t buf[AV_HASH_MAX_SIZE] = {0};
     unsigned rsize = av_hash_get_size(ctx), i;
 
     av_hash_final(ctx, buf);
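
Review bot: The `= {0}` initializer on `buf` is not justified by anything in this hunk: `buf` is handed to `av_hash_final(ctx, buf)` immediately after the declaration and before any read, and the commit message names no path on which that call leaves bytes below `rsize` unwritten. If such a path exists, describe it in the commit message (which hash, which size) and consider fixing it where the bytes are produced rather than zeroing all `AV_HASH_MAX_SIZE` bytes on every call; if it does not, the change only silences the analyzer and should be dropped. The subject line also lacks the `lavu/hash:` prefix requested in the review.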