From patchwork Tue Nov  5 02:23:25 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 52606
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:612c:288a:b0:48e:c0f8:d0de with SMTP id
 hy10csp438658vqb;
        Tue, 5 Nov 2024 04:29:05 -0800 (PST)
X-Forwarded-Encrypted: i=2;
 AJvYcCXuT5DU8/e+onR4oY8RLW6sfnmY/1HO5s47piuWHMKF8/7fXqFt/g+LijW05LVhwZdTru0yAtIzyrurOE4teCNc@gmail.com
X-Google-Smtp-Source: 
 AGHT+IGiJ42qbpjXPpSqWEXCwub8GtHXyy0ksjr7ycAfK5CvOLSluDazRs4Umy75r1XSHkM6ei1o
X-Received: by 2002:a2e:a90c:0:b0:2fb:6027:7bfd with SMTP id
 38308e7fff4ca-2fdf4688e1bmr82063691fa.27.1730809745630;
        Tue, 05 Nov 2024 04:29:05 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1730809745; cv=none;
        d=google.com; s=arc-20240605;
        b=WY9Hu7jFKy6Hnsr5lzDIM8+xrcZFI2hX/y7DivO9ANbRAu29z6l7NJhpHihicbS0Is
         3SLLVoEqMA1rvsnGXux9mQFHU2714lcG+l7OAi0iGpHXUt0QUHd2fnj31hx2b8DgeiMf
         aAhSEh/4Zig6DAHT85NGGGq0JuYxJ048FCmOJZWiv+tvHmT28AgEf/9wk8Y0xnj0fl50
         TA4HZkIBUSkpIbatLIJRYfkWCJ11l/UwaDjJAhO6NauUn39tbYMBfWAb2sh4g1fNnpwF
         Hi2NcS2MueN3U3xhpYGpP/+nPt5IG9DpL7jHNMXNegPFoVJ7zMR1qLWO4/dWxnca6V9K
         RJ9Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:message-id:date:to:from
         :dkim-signature:delivered-to;
        bh=yk77KB1E/fyPU8cNKe/3JAdOMJPsFnmTLmzzuTgzgFI=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=OPZujOgvtVve/Rt+fjfh2sDTWA97s729jk+vV3vWTBS2y5atufShOcvVPwSyTOcYS0
         gpo5/HFCsqJVgf+Dhj9EddtBQ+uCnpWEWMJZXlaejCp2/bCgez9F0fk6J6427jAz6ZWq
         8NqnkAQ0AK+b3rPSKZSH/grl7E0yvjNUx69Kni/eTsNjhapiFJe/S1YFxzTsiV2vvpzP
         JBSsDi2YeMWvGbgFCbErrz9fpt5EA+EtLXs5j4l94kuJtuxN+RCI4aproyl6UlEQ/k+g
         wsd739LopZRC91DvkJrHj/T3uRSj/1E26VrY/APSqOeNbapHrkw186lYKVVAR9t//vNJ
         41kg==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=IRmPyqGS;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 38308e7fff4ca-2fdef3981ffsi38432321fa.15.2024.11.05.04.29.05;
        Tue, 05 Nov 2024 04:29:05 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=IRmPyqGS;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 74B6D68CFF9;
	Tue,  5 Nov 2024 04:23:33 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net
 [217.70.183.199])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A387068DC94
 for <ffmpeg-devel@ffmpeg.org>; Tue,  5 Nov 2024 04:23:26 +0200 (EET)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 0C56EFF803
 for <ffmpeg-devel@ffmpeg.org>; Tue,  5 Nov 2024 02:23:25 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1730773406;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=blt9hKpafqrnxVN3HeZ8QxL4PbXBHMScrqJpFSKoEvo=;
 b=IRmPyqGSMHDVu8jdhC8+DBqgkOWNjcKVI9RA6f1nWonsdL+oZk8wEsRwa36+N2WymtIudg
 jA+QE50qSAoYRzCBlrRt0WfmQrn/IEFplrYTHxOtiIRRq5Ewxihe7n4mZxjASYszKEyCWl
 YYClUmtrbz+ZAbsq84v73RdpweiLFKbdc1sWOcLvcSPL7aRF3Uu+hZX1onE+sa6IEiJQcm
 6cMUKTe73ikDx69lL13cXhM5Tp79ebryM71O8/+BIb9jPU3Y1qtDTQGTWgKKkP3yhPacJQ
 OBNY8GXh1QVEhB5uPI7gYkWLcluWJN0DcJFAIQ99wrkuTtC9V4ddIMhoBdSIsA==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Tue,  5 Nov 2024 03:23:25 +0100
Message-ID: <20241105022325.81909-1-michael@niedermayer.cc>
X-Mailer: git-send-email 2.47.0
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH] avcodec/jpegxl_parser: clear window
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: C6ybI0b0++RT

Fixes: Use of uninitialised value of size 8
Fixes: 368725676/clusterfuzz-testcase-minimized-fuzzer_protocol_file-6022251122589696-cut
Fixes: 42537758/clusterfuzz-testcase-minimized-fuzzer_protocol_file-5818969469026304-cut

Found-by: ossfuzz
Reported-by: Kacper Michajlow
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/jpegxl_parser.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/jpegxl_parser.c b/libavcodec/jpegxl_parser.c
index 8c45e1a1b73..179ca1170bd 100644
--- a/libavcodec/jpegxl_parser.c
+++ b/libavcodec/jpegxl_parser.c
@@ -847,7 +847,7 @@ static int read_distribution_bundle(GetBitContext *gb, JXLEntropyDecoder *dec,
     }
 
     if (bundle->lz77_enabled && !dec->window) {
-        dec->window = av_malloc_array(1 << 20, sizeof(uint32_t));
+        dec->window = calloc(1 << 20, sizeof(uint32_t));
         if (!dec->window)
             return AVERROR(ENOMEM);
     }