Message ID | 20200914174900.3743929-1-tfoucu@gmail.com |
---|---|
State | Withdrawn |
Series | [FFmpeg-devel] libavformat/rmdec.c: Fix Use-of-uninitialized-value in ff_codec_get_id |
Context | Check | Description |
---|---|---|
andriy/default | pending | |
andriy/make | success | Make finished |
andriy/make_fate | success | Make fate finished |
On Mon, Sep 14, 2020 at 10:49 AM Thierry Foucu <tfoucu@gmail.com> wrote: > In case the pb does not contain 4 bytes, the buf[256] will not be > initialize before we pass it to ff_codec_get_id > --- > libavformat/rmdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c > index a36e693ab2..220aa8aee2 100644 > --- a/libavformat/rmdec.c > +++ b/libavformat/rmdec.c > @@ -180,12 +180,12 @@ static int rm_read_audio_stream_info(AVFormatContext > *s, AVIOContext *pb, > st->codecpar->sample_rate = avio_rb16(pb); > avio_rb32(pb); > st->codecpar->channels = avio_rb16(pb); > + AV_WL32(buf, 0); > if (version == 5) { > ast->deint_id = avio_rl32(pb); > avio_read(pb, buf, 4); > buf[4] = 0; > } else { > - AV_WL32(buf, 0); > get_str8(pb, buf, sizeof(buf)); /* desc */ > ast->deint_id = AV_RL32(buf); > get_str8(pb, buf, sizeof(buf)); /* desc */ > -- > 2.28.0.618.gf4bc123cb7-goog > > ping?
On Mon, Sep 14, 2020 at 10:49:00AM -0700, Thierry Foucu wrote: > In case the pb does not contain 4 bytes, the buf[256] will not be > initialize before we pass it to ff_codec_get_id > --- > libavformat/rmdec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c > index a36e693ab2..220aa8aee2 100644 > --- a/libavformat/rmdec.c > +++ b/libavformat/rmdec.c > @@ -180,12 +180,12 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, > st->codecpar->sample_rate = avio_rb16(pb); > avio_rb32(pb); > st->codecpar->channels = avio_rb16(pb); > + AV_WL32(buf, 0); > if (version == 5) { > ast->deint_id = avio_rl32(pb); > avio_read(pb, buf, 4); I think the avio_read() return code should be checked instead thx [...]
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index a36e693ab2..220aa8aee2 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -180,12 +180,12 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, st->codecpar->sample_rate = avio_rb16(pb); avio_rb32(pb); st->codecpar->channels = avio_rb16(pb); + AV_WL32(buf, 0); if (version == 5) { ast->deint_id = avio_rl32(pb); avio_read(pb, buf, 4); buf[4] = 0; } else { - AV_WL32(buf, 0); get_str8(pb, buf, sizeof(buf)); /* desc */ ast->deint_id = AV_RL32(buf); get_str8(pb, buf, sizeof(buf)); /* desc */
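Review bot: In the `version == 5` branch the return value of `avio_read(pb, buf, 4)` is still ignored, so a truncated input is parsed as if it carried an all-zero or partly filled four-byte tag instead of being rejected. Hoisting `AV_WL32(buf, 0)` above the `if` makes the later read of `buf` defined, but it also hides the short read. Consider testing the result instead, for example `if (avio_read(pb, buf, 4) != 4) return AVERROR_INVALIDDATA;` (or the function's usual error path), which is what the reply in this thread asks for. If the zeroing stays where the patch puts it, a short comment saying that it covers the short-read case would make the intent clear, since only the first four bytes of `buf` are initialised by it.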