From patchwork Sun Aug 4 20:53:02 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50891
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 4 Aug 2024 22:53:02 +0200
Message-ID: <20240804205309.1978196-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space

Fixes: use-of-uninitialized-value
Fixes: 70842/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APAC_fuzzer-5758325067677696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/apac.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/apac.c b/libavcodec/apac.c index f740fb5553b..068ad095300 100644 --- a/libavcodec/apac.c +++ b/libavcodec/apac.c
@@ -159,6 +159,7 @@ static int apac_decode(AVCodecContext *avctx, AVFrame *frame, buf = &s->bitstream[s->bitstream_index]; buf_size += s->bitstream_size; s->bitstream_size = buf_size; + memset(buf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE); frame->nb_samples = s->bitstream_size * 16 * 8; if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)

From patchwork Sun Aug 4 20:53:03 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50892
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 4 Aug 2024 22:53:03 +0200
Message-ID: <20240804205309.1978196-2-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/8] avformat/mpeg: Check an avio_read() for failure

Fixes: use-of-uninitialized-value
Fixes: 70849/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGPS_fuzzer-4684401009557504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavformat/mpeg.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c index c3dff3e4ea2..262e398fa5e 100644 --- a/libavformat/mpeg.c +++ b/libavformat/mpeg.c
@@ -566,7 +566,9 @@ redo: static const unsigned char avs_seqh[4] = { 0, 0, 1, 0xb0 }; unsigned char buf[8]; - avio_read(s->pb, buf, 8); + ret = avio_read(s->pb, buf, 8); + if (ret < 0) + return ret; avio_seek(s->pb, -8, SEEK_CUR); if (!memcmp(buf, avs_seqh, 4) && (buf[6] != 0 || buf[7] != 1)) codec_id = AV_CODEC_ID_CAVS;

From patchwork Sun Aug 4 20:53:04 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50893
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 4 Aug 2024 22:53:04 +0200
Message-ID: <20240804205309.1978196-3-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/8] avformat/img2dec: Clear padding data after EOF

Fixes: use-of-uninitialized-value
Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavformat/img2dec.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c index 20b1bc31f6a..3389fa818e9 100644 --- a/libavformat/img2dec.c +++ b/libavformat/img2dec.c
@@ -563,6 +563,7 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt) } goto fail; } else { + memset(pkt->data + pkt->size, 0, AV_INPUT_BUFFER_PADDING_SIZE); s->img_count++; s->img_number++; s->pts++;

From patchwork Sun Aug 4 20:53:05 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50894
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 4 Aug 2024 22:53:05 +0200
Message-ID: <20240804205309.1978196-4-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/8] avcodec/parser: clear padding in combine frame

Fixes: use-of-uninitialized-value
Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/parser.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/parser.c b/libavcodec/parser.c index af17ee9c156..426cc314fb0 100644 --- a/libavcodec/parser.c +++ b/libavcodec/parser.c
@@ -236,6 +236,7 @@ int ff_combine_frame(ParseContext *pc, int next, } pc->buffer = new_buffer; memcpy(&pc->buffer[pc->index], *buf, *buf_size); + memset(&pc->buffer[pc->index + *buf_size], 0, AV_INPUT_BUFFER_PADDING_SIZE); pc->index += *buf_size; return -1; }

From patchwork Sun Aug 4 20:53:06 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50897
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 4 Aug 2024 22:53:06 +0200
Message-ID: <20240804205309.1978196-5-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/8] avcodec/shorten: clear padding

Fixes: use-of-uninitialized-value
Fixes: 70854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5533480570650624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/shorten.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c index 102992e2b2c..12a179156a7 100644 --- a/libavcodec/shorten.c +++ b/libavcodec/shorten.c
@@ -563,6 +563,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, AVFrame *frame, buf = &s->bitstream[s->bitstream_index]; buf_size += s->bitstream_size; s->bitstream_size = buf_size; + memset(buf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE); /* do not decode until buffer has at least max_framesize bytes or * the end of the file has been reached */

From patchwork Sun Aug 4 20:53:07 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50895
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 4 Aug 2024 22:53:07 +0200
Message-ID: <20240804205309.1978196-6-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 6/8] avcodec/vc1dec: Clear mb_type_base and ttblk_base

Fixes: two use-of-uninitialized-value
Fixes: 70856/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5539349918187520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
--- libavcodec/vc1dec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c index 4b31860c3fe..5f1a5bd437c 100644 --- a/libavcodec/vc1dec.c +++ b/libavcodec/vc1dec.c
@@ -379,7 +379,7 @@ static av_cold int vc1_decode_init_alloc_tables(VC1Context *v) if (!v->block || !v->cbp_base) return AVERROR(ENOMEM); v->cbp = v->cbp_base + 2 * s->mb_stride; - v->ttblk_base = av_malloc(sizeof(v->ttblk_base[0]) * 3 * s->mb_stride); + v->ttblk_base = av_mallocz(sizeof(v->ttblk_base[0]) * 3 * s->mb_stride); if (!v->ttblk_base) return AVERROR(ENOMEM); v->ttblk = v->ttblk_base + 2 * s->mb_stride; 
@@ -393,7 +393,7 @@ static av_cold int vc1_decode_init_alloc_tables(VC1Context *v) v->luma_mv = v->luma_mv_base + 2 * s->mb_stride; /* allocate block type info in that way so it could be used with s->block_index[] */ - v->mb_type_base = av_malloc(s->b8_stride * (mb_height * 2 + 1) + s->mb_stride * (mb_height + 1) * 2); + v->mb_type_base = av_mallocz(s->b8_stride * (mb_height * 2 + 1) + s->mb_stride * (mb_height + 1) * 2); if (!v->mb_type_base) return AVERROR(ENOMEM); v->mb_type[0] = v->mb_type_base + s->b8_stride + 1;

From patchwork Sun Aug 4 20:53:08 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50896
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 4 Aug 2024 22:53:08 +0200
Message-ID: <20240804205309.1978196-7-michael@niedermayer.cc>
In-Reply-To: <20240804205309.1978196-1-michael@niedermayer.cc>
References: <20240804205309.1978196-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 7/8] avcodec/aic: Clear slice_data

Fixes: use-of-uninitialized-value
Fixes: 70865/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-4874102695854080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/aic.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/libavcodec/aic.c b/libavcodec/aic.c index 3ff170b414f..e12d689c478 100644 --- a/libavcodec/aic.c +++ b/libavcodec/aic.c
@@ -465,8 +465,7 @@ static av_cold int aic_decode_init(AVCodecContext *avctx) } } - ctx->slice_data = av_malloc_array(ctx->slice_width, AIC_BAND_COEFFS - * sizeof(*ctx->slice_data)); + ctx->slice_data = av_calloc(ctx->slice_width, AIC_BAND_COEFFS * sizeof(*ctx->slice_data)); if (!ctx->slice_data) { av_log(avctx, AV_LOG_ERROR, "Error allocating slice buffer\n");

From patchwork Sun Aug 4 20:53:09 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50898
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 4 Aug 2024 22:53:09 +0200
Message-ID: <20240804205309.1978196-8-michael@niedermayer.cc>
In-Reply-To: <20240804205309.1978196-1-michael@niedermayer.cc>
References: <20240804205309.1978196-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 8/8] avcodec/alsdec: clear last_acf_mantissa

Fixes: use-of-uninitialized-value
Fixes: 70869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5476567461986304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavcodec/alsdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index f4f67917d76..28f20799854 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c
@@ -2112,7 +2112,7 @@ static av_cold int decode_init(AVCodecContext *avctx) ctx->acf = av_malloc_array(channels, sizeof(*ctx->acf)); ctx->shift_value = av_calloc(channels, sizeof(*ctx->shift_value)); ctx->last_shift_value = av_calloc(channels, sizeof(*ctx->last_shift_value)); - ctx->last_acf_mantissa = av_malloc_array(channels, sizeof(*ctx->last_acf_mantissa)); + ctx->last_acf_mantissa = av_calloc(channels, sizeof(*ctx->last_acf_mantissa)); ctx->raw_mantissa = av_calloc(channels, sizeof(*ctx->raw_mantissa)); ctx->larray = av_malloc_array(ctx->cur_frame_length * 4, sizeof(*ctx->larray));
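
Review bot: in the shorten_decode_frame hunk, the added memset writes AV_INPUT_BUFFER_PADDING_SIZE bytes at buf + buf_size, where buf is &s->bitstream[s->bitstream_index] and buf_size has just been increased by s->bitstream_size, and nothing in the visible lines shows that the allocation behind s->bitstream extends that far. Please confirm that the buffer is sized for bitstream_index + buf_size + AV_INPUT_BUFFER_PADDING_SIZE on every path that reaches this line, or add an assert to that effect, so that the fix for an uninitialized read cannot turn into an out-of-bounds write.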
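
Review bot: in the first vc1_decode_init_alloc_tables hunk (ttblk_base), the size is still the open-coded product sizeof(v->ttblk_base[0]) * 3 * s->mb_stride. Since this line is being touched anyway, consider av_calloc(3 * s->mb_stride, sizeof(v->ttblk_base[0])), which zeroes the table and also checks the count-times-size multiplication for overflow.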
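
Review bot: in the second vc1_decode_init_alloc_tables hunk (mb_type_base), neither the comment above the allocation nor the commit message says which reader consumes entries that were never written, or why 0 is a correct value for them. A short comment at the allocation would keep the zero-fill from being reverted later as redundant. The replacement line is also very long and would read better wrapped after the '+' between the b8_stride and mb_stride terms.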
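
Review bot: in the aic_decode_init hunk, slice_data is zeroed once at init, so this only defines the buffer contents for the first use. If a slice can leave part of the buffer unwritten, later slices will read coefficients left over from earlier ones rather than zeros. Is that the intended behaviour, or should the decoder clear (or fully write) the region per slice? The commit message should say which.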
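
Review bot: in the decode_init hunk of alsdec.c, last_acf_mantissa now matches shift_value, last_shift_value and raw_mantissa, but ctx->acf on the first context line is still allocated with av_malloc_array(channels, sizeof(*ctx->acf)). If acf can be read on the same path before it is written, it needs the same av_calloc treatment; if not, a sentence in the commit message on why only last_acf_mantissa was affected would help.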