Message ID | 20240804142315.1430389-2-michael@niedermayer.cc |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel,1/4] bsf/media100_to_mjpegb: Clear output buffer padding | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On Sun, 4 Aug 2024 at 16:23, Michael Niedermayer <michael@niedermayer.cc> wrote: > > Fixes: use-of-uninitialized-value > Fixes: 70837/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5089407768526848 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavformat/jpegxl_anim_dec.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c > index ac95d3b9617..3045167e1f9 100644 > --- a/libavformat/jpegxl_anim_dec.c > +++ b/libavformat/jpegxl_anim_dec.c > @@ -77,7 +77,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s) > JXLAnimDemuxContext *ctx = s->priv_data; > AVIOContext *pb = s->pb; > AVStream *st; > - uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE]; > + uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE] = {0}; > const int sizeofhead = sizeof(head) - AV_INPUT_BUFFER_PADDING_SIZE; > int headsize = 0, ret; > FFJXLMetadata meta = { 0 }; > -- > 2.45.2 Not sure it is required to zero the whole buffer. I sent an alternative patch some time ago, which clears only the relevant area. https://patchwork.ffmpeg.org/project/ffmpeg/patch/20240627004037.1336-4-kasper93@gmail.com/ - Kacper
On Mon, Aug 05, 2024 at 02:08:06AM +0200, Kacper Michajlow wrote: > On Sun, 4 Aug 2024 at 16:23, Michael Niedermayer <michael@niedermayer.cc> wrote: > > > > Fixes: use-of-uninitialized-value > > Fixes: 70837/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5089407768526848 > > > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavformat/jpegxl_anim_dec.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c > > index ac95d3b9617..3045167e1f9 100644 > > --- a/libavformat/jpegxl_anim_dec.c > > +++ b/libavformat/jpegxl_anim_dec.c > > @@ -77,7 +77,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s) > > JXLAnimDemuxContext *ctx = s->priv_data; > > AVIOContext *pb = s->pb; > > AVStream *st; > > - uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE]; > > + uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE] = {0}; > > const int sizeofhead = sizeof(head) - AV_INPUT_BUFFER_PADDING_SIZE; > > int headsize = 0, ret; > > FFJXLMetadata meta = { 0 }; > > -- > > 2.45.2 > > Not sure it is required to zero the whole buffer. I sent an > alternative patch some time ago, which clears only the relevant area. > https://patchwork.ffmpeg.org/project/ffmpeg/patch/20240627004037.1336-4-kasper93@gmail.com/ I'll apply yours then instead, thx [...]
diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_dec.c index ac95d3b9617..3045167e1f9 100644 --- a/libavformat/jpegxl_anim_dec.c +++ b/libavformat/jpegxl_anim_dec.c @@ -77,7 +77,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s) JXLAnimDemuxContext *ctx = s->priv_data; AVIOContext *pb = s->pb; AVStream *st; - uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE]; + uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE] = {0}; const int sizeofhead = sizeof(head) - AV_INPUT_BUFFER_PADDING_SIZE; int headsize = 0, ret; FFJXLMetadata meta = { 0 };
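Review bot: the `= {0}` initializer on the `head` declaration zeroes all 256 + AV_INPUT_BUFFER_PADDING_SIZE bytes on every call to jpegxl_anim_read_header(), but the commit message only names the sanitizer report (use-of-uninitialized-value) and does not say which read consumes the uninitialized bytes, so a reviewer cannot tell whether the whole array needs clearing. Since `sizeofhead` already bounds the data region to the first 256 bytes and `headsize` starts at 0, the bytes that can be read before being written are the tail past whatever is actually filled in plus the padding region; clearing only that tail after the read (which is what the alternative patch referenced in this thread does) fixes the same report at lower cost. Please state in the commit message which access triggers the report, and prefer the narrower clear unless the full-array zeroing is shown to be necessary.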
Fixes: use-of-uninitialized-value
Fixes: 70837/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5089407768526848

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/jpegxl_anim_dec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)