RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2025-02-04 22:04:38 +00:00
Code Issues Projects Releases Wiki Activity

tools/target_dec_fuzzer: Use av_buffer_allocz() to avoid missing slices to have unpredictable content

Browse Source 
This matches production code which also zeros these buffers

Fixes: use of uninitialized values
Fixes: 70885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP6F_fuzzer-4610946029387776 (and likely others)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2024-08-07 00:18:52 +02:00
parent cda5f5c5ed
commit 1b8d95da3a
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
tools/target_dec_fuzzer.c
View File

@ -129,7 +129,7 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
frame->extended_data = frame->data;
for (i = 0; i < 4 && size[i]; i++) {
frame->buf[i] = av_buffer_alloc(size[i]);
frame->buf[i] = av_buffer_allocz(size[i]);
if (!frame->buf[i])
goto fail;
frame->data[i] = frame->buf[i]->data;