diff mbox series

[FFmpeg-devel] libavformat/r3d.c: Fix Use-of-uninitialized-value in filename.

Message ID 20200819195925.130806-1-tfoucu@gmail.com
State Superseded
Headers show
Series [FFmpeg-devel] libavformat/r3d.c: Fix Use-of-uninitialized-value in filename.
Related show

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Thierry Foucu Aug. 19, 2020, 7:59 p.m. UTC
While reading the filename tag, it mays return a EOF and we are still
copying the file with uninitialized value.
---
 libavformat/r3d.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

James Almer Aug. 19, 2020, 10:27 p.m. UTC | #1
On 8/19/2020 4:59 PM, Thierry Foucu wrote:
> While reading the filename tag, it mays return a EOF and we are still
> copying the file with uninitialized value.
> ---
>  libavformat/r3d.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/r3d.c b/libavformat/r3d.c
> index 7aa0c5a2c3..7ba589530d 100644
> --- a/libavformat/r3d.c
> +++ b/libavformat/r3d.c
> @@ -54,7 +54,7 @@ static int r3d_read_red1(AVFormatContext *s)
>  {
>      AVStream *st = avformat_new_stream(s, NULL);
>      R3DContext *r3d = s->priv_data;
> -    char filename[258];
> +    char filename[258] = {};
>      int tmp;
>      int av_unused tmp2;
>      AVRational framerate;

It may be a better idea to check instead if avio_read() actually reads
the required 257 bytes, and abort otherwise.
diff mbox series

Patch

diff --git a/libavformat/r3d.c b/libavformat/r3d.c
index 7aa0c5a2c3..7ba589530d 100644
--- a/libavformat/r3d.c
+++ b/libavformat/r3d.c
@@ -54,7 +54,7 @@  static int r3d_read_red1(AVFormatContext *s)
 {
     AVStream *st = avformat_new_stream(s, NULL);
     R3DContext *r3d = s->priv_data;
-    char filename[258];
+    char filename[258] = {};
     int tmp;
     int av_unused tmp2;
     AVRational framerate;