From patchwork Sun Jun 28 12:46:19 2020
X-Patchwork-Submitter: Lance Wang
X-Patchwork-Id: 20660
From: lance.lmwang@gmail.com
To: ffmpeg-devel@ffmpeg.org
Cc: Limin Wang
Date: Sun, 28 Jun 2020 20:46:19 +0800
Message-Id: <1593348379-23289-1-git-send-email-lance.lmwang@gmail.com>
In-Reply-To: <1593272784-8031-1-git-send-email-lance.lmwang@gmail.com>
References: <1593272784-8031-1-git-send-email-lance.lmwang@gmail.com>
Subject: [FFmpeg-devel] [PATCH v2] avcodec/mpeg12dec: Fix uninitialized data in fate-sub-cc-scte20

From: Limin Wang

The issue was introduced by a705bcd763e344fa; please test with the command line below:

    make V=1 fate-sub-cc-scte20 TARGET_EXEC="valgrind --error-exitcode=1"

Reported-by: Martin Storsjö
Signed-off-by: Limin Wang
---
 libavcodec/mpeg12dec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c index f0f92ac..e9bdccc 100644 --- a/libavcodec/mpeg12dec.c 
+++ b/libavcodec/mpeg12dec.c @@ -2276,6 +2276,8 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx, if (ret >= 0) { uint8_t field, cc1, cc2; uint8_t *cap = s1->a53_buf_ref->data; + + memset(s1->a53_buf_ref->data + old_size, 0, cc_count * 3); for (i = 0; i < cc_count && get_bits_left(&gb) >= 26; i++) { skip_bits(&gb, 2); // priority field = get_bits(&gb, 2);
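
Review bot: The memset added at the top of the if (ret >= 0) block in mpeg_decode_a53_cc() silences the valgrind report but does not handle the short-read case behind it. The loop directly below stops as soon as get_bits_left(&gb) >= 26 fails, so when it exits with i < cc_count the remaining triples stay in the buffer as zero bytes and are indistinguishable from caption data that was actually parsed. Consider trimming the buffer to the number of entries written (or rejecting the packet) when the loop ends early, and keeping the memset only as defense in depth. The length cc_count * 3 also has to match the size of the region that was appended at old_size; that allocation is above the hunk and not visible here, so please confirm the two expressions agree. Finally, the commit message names the offending commit but not the cause; one sentence saying that the early loop exit appears to be what leaves the tail of the buffer unwritten would make the fix reviewable without rerunning the FATE test.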