From patchwork Tue Aug 6 22:18:52 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50918
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Wed, 7 Aug 2024 00:18:52 +0200
Message-ID: <20240806221853.959177-5-michael@niedermayer.cc>
In-Reply-To: <20240806221853.959177-1-michael@niedermayer.cc>
References: <20240806221853.959177-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/6] tools/target_dec_fuzzer: Use av_buffer_allocz() to avoid missing slices to have unpredictable content

Fixes: use of uninitialized values
Fixes: 70885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP6F_fuzzer-4610946029387776 (and likely others)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- tools/target_dec_fuzzer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index d2d7e21dac7..794b5b92cc7 100644 --- a/tools/target_dec_fuzzer.c +++ b/tools/target_dec_fuzzer.c @@ -129,7 +129,7 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame) frame->extended_data = frame->data; for (i = 0; i < 4 && size[i]; i++) { - frame->buf[i] = av_buffer_alloc(size[i]); + frame->buf[i] = av_buffer_allocz(size[i]); if (!frame->buf[i]) goto fail; frame->data[i] = frame->buf[i]->data;
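Review bot: The zeroing at `frame->buf[i] = av_buffer_allocz(size[i]);` in fuzz_video_get_buffer() is undocumented at the call site, and it changes what the fuzzer can detect: once every plane starts out zero-filled, the "use of uninitialized values" class named in the commit message can no longer be reported for any read of these frame buffers, including reads that come from a real decoder defect rather than from a missing slice. Please add a short comment above the allocation saying that the buffers are zeroed on purpose so that regions left unwritten by missing slices have deterministic content, and state the coverage trade-off in the commit message. The message would also be easier to audit later if "(and likely others)" were replaced by the other testcase ids once they are known.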