From patchwork Wed Jan 27 11:38:20 2021
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 25217
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 27 Jan 2021 12:38:20 +0100
Message-Id: <20210127113820.2185240-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH] avcodec/flashsv2enc: Fix use of uninitialized value

Before 257a83b969157eb76c18158a4e503e908d8b1125, certain buffers were zero-allocated in the init function and only reallocated later on if they turned out to be too small; now they are only allocated during init, leading to use-of-uninitialized values later on.

The same could happen before if the dimensions are big enough so that the buffers would be reallocated, as the new part of the reallocated buffer would not be zeroed (happened for 960x960).

So always zero the buffers in the function designed to init them.
Signed-off-by: Andreas Rheinhardt
---
If no one objects, I'll send a patch to remove the #ifndef FLASHSV2_DUMB stuff later on: It doesn't even compile any more and given that it has never worked it stands to reason that any successful non-dumb way needs to be different from the currently commented-out code. Of course, I don't think that anyone will ever add a successful non-dumb way for this encoder for an old format.

Furthermore, there are more bugs lurking in this code, namely the ptr = av_realloc_array(ptr, size) which leads to memleaks on reallocation failures as well as problems if the caller tries to call the encoder later on because block_width/height have already been set, so that no reallocation attempt would be performed.

libavcodec/flashsv2enc.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/libavcodec/flashsv2enc.c b/libavcodec/flashsv2enc.c index 5139b17a28..430b6806c8 100644 --- a/libavcodec/flashsv2enc.c +++ b/libavcodec/flashsv2enc.c @@ -142,6 +142,7 @@ static void init_blocks(FlashSV2Context * s, Block * blocks, { int row, col; Block *b; + memset(blocks, 0, s->cols * s->rows * sizeof(*blocks)); for (col = 0; col < s->cols; col++) { for (row = 0; row < s->rows; row++) { b = blocks + (col + row * s->cols);
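Review bot: the added memset in init_blocks() sizes its write as s->cols * s->rows * sizeof(*blocks), but the hunk does not show where `blocks` is allocated; please confirm that the caller allocates at least s->cols * s->rows elements and that s->cols and s->rows are already set when init_blocks() runs, otherwise the memset writes past the end of the array instead of curing the uninitialized read. If s->cols and s->rows are ints, `s->cols * s->rows` is computed in int before the size_t multiplication; writing `(size_t)s->cols * s->rows * sizeof(*blocks)` would make the intended width explicit at no cost. Zeroing here also covers the realloc path mentioned in the commit message, since the grown tail is now cleared on every init, which is worth a one-line comment above the memset.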
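The two defects the message describes, a reallocated buffer whose newly added tail is left uninitialized (the 960x960 case) and the `ptr = av_realloc_array(ptr, size)` pattern that loses the old block when reallocation fails, shown together in one added C example. This is not code from the patch or from FFmpeg: it uses libc realloc in place of av_realloc_array, and the Grid/Block types and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for per-block encoder state; the real
 * FlashSV2Context/Block layouts are not reproduced here. */
typedef struct Block {
    int start, len;
    int dirty;
} Block;

typedef struct Grid {
    Block *blocks;   /* array of cap elements, all initialized */
    size_t cap;      /* elements currently allocated */
} Grid;

/* Grow the block array to hold at least rows * cols elements.
 * - the element count and byte count are checked for overflow first;
 * - realloc goes through a temporary, so the old array stays owned by
 *   the Grid (and can still be freed) when reallocation fails;
 * - only the added tail is zeroed: realloc preserves the leading part
 *   but leaves [cap, need) indeterminate.
 * Returns 0 on success, -1 on failure (grid left unchanged). */
static int grid_reserve(Grid *g, size_t rows, size_t cols)
{
    size_t need;
    Block *tmp;

    if (cols != 0 && rows > SIZE_MAX / cols)          /* rows * cols overflow */
        return -1;
    need = rows * cols;
    if (need > SIZE_MAX / sizeof(*g->blocks))         /* byte count overflow */
        return -1;
    if (need <= g->cap)
        return 0;                                      /* already large enough */

    tmp = realloc(g->blocks, need * sizeof(*tmp));
    if (!tmp)
        return -1;                                     /* g->blocks still valid */
    memset(tmp + g->cap, 0, (need - g->cap) * sizeof(*tmp));
    g->blocks = tmp;
    g->cap    = need;
    return 0;
}

/* Number of blocks whose fields are all zero; used to verify that the
 * grown tail was initialized rather than left indeterminate. */
static size_t grid_count_zeroed(const Grid *g)
{
    size_t n = 0;
    for (size_t i = 0; i < g->cap; i++)
        if (g->blocks[i].start == 0 && g->blocks[i].len == 0 && g->blocks[i].dirty == 0)
            n++;
    return n;
}

/* Allocate rows0 x cols0 blocks, mark them used, then grow to
 * rows1 x cols1. Returns how many blocks are zeroed afterwards, or
 * (size_t)-1 if an allocation or size check failed. */
static size_t demo_grow(size_t rows0, size_t cols0, size_t rows1, size_t cols1)
{
    Grid g = { NULL, 0 };
    size_t i, zeroed;

    if (grid_reserve(&g, rows0, cols0) < 0)
        return (size_t)-1;
    for (i = 0; i < g.cap; i++)
        g.blocks[i].dirty = 1;                         /* simulate encoder use */
    if (grid_reserve(&g, rows1, cols1) < 0) {
        free(g.blocks);                                /* old array not leaked */
        return (size_t)-1;
    }
    zeroed = grid_count_zeroed(&g);
    free(g.blocks);
    return zeroed;
}

int main(void)
{
    /* 2x2 -> 4x4: 4 old blocks keep dirty=1, 12 new blocks are zeroed. */
    printf("zeroed after growth: %zu\n", demo_grow(2, 2, 4, 4));
    return 0;
}
```

The important difference from `ptr = av_realloc_array(ptr, size)` is the temporary: when realloc returns NULL the original pointer is still in `g->blocks`, so nothing leaks and the Grid remains usable. The memset covers only the tail, which is exactly the region a grow-on-demand path leaves uninitialized.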