| Message ID | tencent_C2AE4F9B5561A71338BB16214D2E20094D07@qq.com |
|---|---|
| State | Accepted |
| Commit | a12ebbbcaa07b0ce77c413146ac0120e3f4f3a8d |
| Headers | show |
| Series | [FFmpeg-devel] avcodec/libuavs3d: fix access uninitialized variable when draining | expand |
| Context | Check | Description |
|---|---|---|
| yinshiyou/make_loongarch64 | success | Make finished |
| yinshiyou/make_fate_loongarch64 | success | Make fate finished |
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
On Thu, May 12, 2022 at 5:55 PM Zhao Zhili <quinkblack@foxmail.com> wrote: > > buf_ptr is uninitialized and accessed when function return. > --- > libavcodec/libuavs3d.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/libavcodec/libuavs3d.c b/libavcodec/libuavs3d.c > index 6966e00b62..23de4c8cd5 100644 > --- a/libavcodec/libuavs3d.c > +++ b/libavcodec/libuavs3d.c > @@ -149,7 +149,7 @@ static int libuavs3d_decode_frame(AVCodecContext *avctx, AVFrame *frm, > const uint8_t *buf = avpkt->data; > int buf_size = avpkt->size; > const uint8_t *buf_end; > - const uint8_t *buf_ptr; > + const uint8_t *buf_ptr = buf; > int left_bytes; > int ret, finish = 0; > > @@ -170,7 +170,6 @@ static int libuavs3d_decode_frame(AVCodecContext *avctx, AVFrame *frm, > } else { > uavs3d_io_frm_t *frm_dec = &h->dec_frame; > > - buf_ptr = buf; > buf_end = buf + buf_size; > frm_dec->pkt_pos = avpkt->pos; > frm_dec->pkt_size = avpkt->size; > -- > 2.35.3 Sounds Good To Me
> On May 13, 2022, at 8:59 AM, mypopy@gmail.com wrote: > > On Thu, May 12, 2022 at 5:55 PM Zhao Zhili <quinkblack@foxmail.com> wrote: >> >> buf_ptr is uninitialized and accessed when function return. >> --- >> libavcodec/libuavs3d.c | 3 +-- >> 1 file changed, 1 insertion(+), 2 deletions(-) >> >> diff --git a/libavcodec/libuavs3d.c b/libavcodec/libuavs3d.c >> index 6966e00b62..23de4c8cd5 100644 >> --- a/libavcodec/libuavs3d.c >> +++ b/libavcodec/libuavs3d.c >> @@ -149,7 +149,7 @@ static int libuavs3d_decode_frame(AVCodecContext *avctx, AVFrame *frm, >> const uint8_t *buf = avpkt->data; >> int buf_size = avpkt->size; >> const uint8_t *buf_end; >> - const uint8_t *buf_ptr; >> + const uint8_t *buf_ptr = buf; >> int left_bytes; >> int ret, finish = 0; >> >> @@ -170,7 +170,6 @@ static int libuavs3d_decode_frame(AVCodecContext *avctx, AVFrame *frm, >> } else { >> uavs3d_io_frm_t *frm_dec = &h->dec_frame; >> >> - buf_ptr = buf; >> buf_end = buf + buf_size; >> frm_dec->pkt_pos = avpkt->pos; >> frm_dec->pkt_size = avpkt->size; >> -- >> 2.35.3 > Sounds Good To Me Applied, thanks!
diff --git a/libavcodec/libuavs3d.c b/libavcodec/libuavs3d.c index 6966e00b62..23de4c8cd5 100644 --- a/libavcodec/libuavs3d.c +++ b/libavcodec/libuavs3d.c @@ -149,7 +149,7 @@ static int libuavs3d_decode_frame(AVCodecContext *avctx, AVFrame *frm, const uint8_t *buf = avpkt->data; int buf_size = avpkt->size; const uint8_t *buf_end; - const uint8_t *buf_ptr; + const uint8_t *buf_ptr = buf; int left_bytes; int ret, finish = 0; @@ -170,7 +170,6 @@ static int libuavs3d_decode_frame(AVCodecContext *avctx, AVFrame *frm, } else { uavs3d_io_frm_t *frm_dec = &h->dec_frame; - buf_ptr = buf; buf_end = buf + buf_size; frm_dec->pkt_pos = avpkt->pos; frm_dec->pkt_size = avpkt->size;