From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 0144C4C2E6
	for <ffmpegdev@gitmailbox.com>; Sun,  8 Feb 2026 01:39:26 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'o0CH6TBDxQiKsCbS9YHdX/3YhqrvC5VZV63uOe3Tn/E=', expected 
   b'K2HC9ZjM+SzlJ0A3ZPZ/JdQiOqUTH5YOLv8jfQMfzvg=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770514759; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=o0CH6TBDxQiKsCbS9YHdX/3YhqrvC5VZV63uOe3Tn/E=;
 b=1Lg5VPNzQZ0U4ZTZdnkNa8ZLULeqm9WtH06fjIQHZNs5J97aiuZqrQzfW1HbOrwoUx/s3
 IcRYGsd7EI9Ygsqh7FvKnzgtBnJn1+dbN5DNrrKM5VJraRt8RNkIk9mlc9v+YChpE7K20Ze
 5b4eSoTbH3R/g2aFj7JSUworiAqD2DSqGqPYPi3ujaWFs1STpjvJP3f0jHuEVnKyMLMDXQo
 cROMq77OWkF0zgK/WwMWKG0Hcgu7JFK7A/vv+DGeEZ6d4W6ivDiURe+uoqiBcuSbgg7pU1I
 OQ6ufa8LsGqBim+t2p2oexXF5S8rWyKuqVMVgXG5lmJAQw+Ex9gtwyAxOErA==
Received: from [172.20.0.4] (unknown [172.20.0.4])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id F389D691105;
	Sun,  8 Feb 2026 03:39:18 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1770514744;
 b=gkkWSVhc3EGv3EWYENxx4kKgutg/b8IWsk5J/zzVNbh/fYCXfIS2gFFlaJCuZI0XqlY21
 lWCr9HRkKz/n+RhWfOplQU2qt2Vs/OTPoJ2DPGN0au7OO6EOwO0TeNs2dyZ26Sr4Xq0l0nP
 igt/hOJE0txx+jiQTVYMvLOgvrPSeScPD+cqxwVvhDVHuGQrJhBv7BicaUiaIxRdNGyrWQt
 TwVTNCEWeNrgZOTzmLJBiu6WtkryTRMkJJn75cCBa/pM3Ku8doxu8fBhIT1J3Ya3GT+Fjh4
 aGZjUEVRY6Lvr7aj9O3eABO1Z6ED2oVsoaUYl3O1cPj7YmomWatyNYtl8M5Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1770514744; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=Uy1dBFOZ9lyqAUuLglmpRuXc+I7ncQI2oYD/a8xm3bw=;
 b=tTYSk9VK+bdEihQ4OmrOl7X3mSotaB6T384UGQRUS2+XaS3LyJqF0MCsPNqkPpRCIO8Ms
 ADhD5xe46gN6Iflc6J0mKL01X7Zebol2pug32Y+LW6oa7qEB38k4ELZrOGzn7rNgt6woLkJ
 O7oaz3/9MvaheBB23uf6RFUnetSpSFcvT8bTwnzScQOYNT4AN8fr3vexWRHCSWNPLiaKLFP
 +5dNLOgd1wV/tW2HCG/2c0a5Y2ec1wOWI2mqlX/Jpa7c0f26mXgkMXcu0LuG7yHAK0IO3ZH
 23rfafZaGKA8xtnkxOTk00/vGVgoW21mB+5KK2IG/DSc/pqNue3M2NKw6xGA==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1770514734; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=K2HC9ZjM+SzlJ0A3ZPZ/JdQiOqUTH5YOLv8jfQMfzvg=;
 b=NK2pZYgrH1nFSFHQmHUepxCou2Gx9L14vO62QTk0Ga4M+NPEtLsMxq9tShdIjWPhQQI7n
 aNoS71hzKivfyDLxBwhLB6cGPUrQTbxfvTPc3RRIBknMp0BF1xB9bRCgQ6sua1Ze55OEZB/
 PVyIk4Tvi8dmpw72GLuvKdQk5vsATyD3ORjBvAZVUyMwV0k8QrScC1dsm0v8Z6sedKBmOc1
 oqMGc596qin0vT2hhoDhGXlt72aNPh0jduXhf8kzDIYjPiWApEpaJ8/cVa6jrE8bzQqrCYH
 YR7ouoK1ioDrsAd74yReqSrCUHGSn4r3Il+XlsRD0Jas1iemukgpmFs8QTBQ==
Received: from c8d966988b92 (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 76E9A69073A
	for <ffmpeg-devel@ffmpeg.org>; Sun,  8 Feb 2026 03:38:54 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 08 Feb 2026 01:38:54 -0000
Message-ID: <177051473465.25.16226227811371289338@4457048688e7>
Message-ID-Hash: Y2GWS2VG3VCIABA7QX4BVJTHHM7365Z3
X-Message-ID-Hash: Y2GWS2VG3VCIABA7QX4BVJTHHM7365Z3
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avformat/segafilm: dont read uninitialized value (PR
 #21680)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/Y2GWS2VG3VCIABA7QX4BVJTHHM7365Z3/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/177051473465.25.16226227811371289338@4457048688e7/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: michaelni <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/177051473465.25.16226227811371289338@4457048688e7/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #21680 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21680
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21680.patch

scratch[20] doesnt exist in version 0

Fixes: use of uninitialized memory
Fixes: 471664627/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-4738726971637760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg


>>From c736716a57c776b7b802c141c3c75a3e5158d866 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 8 Feb 2026 00:28:04 +0100
Subject: [PATCH] avformat/segafilm: dont read uninitialized value

scratch[20] doesnt exist in version 0

Fixes: use of uninitialized memory
Fixes: 471664627/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-4738726971637760

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
---
 libavformat/segafilm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c
index 2b853017db..e0ea1da31e 100644
--- a/libavformat/segafilm.c
+++ b/libavformat/segafilm.c
@@ -163,7 +163,7 @@ static int film_read_header(AVFormatContext *s)
         st->codecpar->height = AV_RB32(&scratch[12]);
 
         if (film->video_type == AV_CODEC_ID_RAWVIDEO) {
-            if (scratch[20] == 24) {
+            if (film->version == 0 || scratch[20] == 24) {
                 st->codecpar->format = AV_PIX_FMT_RGB24;
             } else {
                 av_log(s, AV_LOG_ERROR, "raw video is using unhandled %dbpp\n", scratch[20]);
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org