From patchwork Mon Sep 14 17:49:00 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Thierry Foucu X-Patchwork-Id: 22381 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 4329A44979D for ; Mon, 14 Sep 2020 20:56:46 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 20AB668BAEB; Mon, 14 Sep 2020 20:56:46 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-pf1-f193.google.com (mail-pf1-f193.google.com [209.85.210.193]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C9FBA68BAA0 for ; Mon, 14 Sep 2020 20:56:38 +0300 (EEST) Received: by mail-pf1-f193.google.com with SMTP id d9so220246pfd.3 for ; Mon, 14 Sep 2020 10:56:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=st/7hzXFhIkLkCrqQ0Ik3/DKDQ88vpOntsWwXzK0t9w=; b=uazbwZ4bT6aY1FTil34C6L3q/8QKIM4J3Up27NDu+6LV9bzQymyeqa4pIT+3mHhAHN ow+dxFBwVOk6FOHfVDrzzzMZ6lE4M5/oaZ+7AKHn3U6Y/wbl22LnCDl2PNc5lVPrvxMz qJsIKV98w6qOGe3mdGy5uQu9Rfmb+UdmZy55dHGgI9o64zoz6vFjRz1jcP2eV9obUnS7 NCft4euzazL4xqf65zgCTZcQXPiFZk6VRolPAh+1+gBf/nQKhfEyToUAqrU4nOM7nJP8 mKhOEUyaxB4YozGIGcfWarKL5Wyl9tmnmTJB3ryNWh8/6B3RyH/A09ntX2+LGjXfhsG7 Zgng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=st/7hzXFhIkLkCrqQ0Ik3/DKDQ88vpOntsWwXzK0t9w=; b=AKKlZPvGpjvjXXOfKcVu3LARcL32BGu6389Tl2HipkiiitXvwBCQkqUKbnRLdD6d1Q Aq/IF4DY1rjDUDVj5Q5eAU/0lQNlVO8/yV5l4RkNS9j4W7l9Ik2BMfhOAytd2agrU6ka m6OxznIQabcMyE5sSHpldXFaU4nKlEBU+61gZYXGTn7pE2SMbeqXEE499QzDDhRRUh0r igzV2iLxr75MVcafcUdgarODwYqVWtjGUoh5Jlvcl17zlHgPWFEId7OTKyYroXyKNux9 G7zRtvliguFB7PXgcRSK8khKYIqAmgo+NtVrtNzs8brNcqcWBgDy4gVA8hMw0g4yFckj BHxA== X-Gm-Message-State: AOAM533fCq3hP7LoRjJmpXM8PHFKmQ6jTgIioLkuqsvut/jb8RzllZoj ogpxHULwaqBRubI4Tq50o9bNBtpjeVs= X-Google-Smtp-Source: ABdhPJx2YjpsRtsXKe9wwoBX3ZlUHeJVEVu9Mbsi/ayxI+67dFFE0IvDPD4dlNNl8BhDN0PczjASTw== X-Received: by 2002:a62:ed08:: with SMTP id u8mr2320376pfh.130.1600105744188; Mon, 14 Sep 2020 10:49:04 -0700 (PDT) Received: from tfoucu.mtv.corp.google.com ([2620:0:1000:4001:a28c:fdff:feed:4b81]) by smtp.gmail.com with ESMTPSA id z1sm6509305pfq.102.2020.09.14.10.49.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 14 Sep 2020 10:49:03 -0700 (PDT) From: Thierry Foucu To: ffmpeg-devel@ffmpeg.org Date: Mon, 14 Sep 2020 10:49:00 -0700 Message-Id: <20200914174900.3743929-1-tfoucu@gmail.com> X-Mailer: git-send-email 2.28.0.618.gf4bc123cb7-goog MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] libavformat/rmdec.c: Fix Use-of-uninitialized-value in ff_codec_get_id X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Thierry Foucu Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" In case the pb does not contain 4 bytes, the buf[256] will not be initialize before we pass it to ff_codec_get_id --- libavformat/rmdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index a36e693ab2..220aa8aee2 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c @@ -180,12 +180,12 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb, st->codecpar->sample_rate = avio_rb16(pb); avio_rb32(pb); st->codecpar->channels = avio_rb16(pb); + AV_WL32(buf, 0); if (version == 5) { ast->deint_id = avio_rl32(pb); avio_read(pb, buf, 4); buf[4] = 0; } else { - AV_WL32(buf, 0); get_str8(pb, buf, sizeof(buf)); /* desc */ ast->deint_id = AV_RL32(buf); get_str8(pb, buf, sizeof(buf)); /* desc */