From mboxrd@z Thu Jan  1 00:00:00 1970
Date: Mon, 5 Aug 2024 21:37:11 +0200
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20240805193711.GD4991@pb2>
References: <20240804142315.1430389-1-michael@niedermayer.cc>
 <20240804142315.1430389-2-michael@niedermayer.cc>
 <CABPLASTDQMahRcoNpXHUGQD_DNv2AL2vMi9hW2SmqsJxv+b0LA@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: <CABPLASTDQMahRcoNpXHUGQD_DNv2AL2vMi9hW2SmqsJxv+b0LA@mail.gmail.com>
X-GND-Sasl: michael@niedermayer.cc
Subject: Re: [FFmpeg-devel] [PATCH 2/4] avformat/jpegxl_anim_dec: initialize
 bit buffer
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============7965247091518761864=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20240805193711.GD4991@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============7965247091518761864==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="FFJq4JBCEm+n5/He"
Content-Disposition: inline


--FFJq4JBCEm+n5/He
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Aug 05, 2024 at 02:08:06AM +0200, Kacper Michajlow wrote:
> On Sun, 4 Aug 2024 at 16:23, Michael Niedermayer <michael@niedermayer.cc> wrote:
> >
> > Fixes: use-of-uninitialized-value
> > Fixes: 70837/clusterfuzz-testcase-minimized-ffmpeg_dem_JPEGXL_ANIM_fuzzer-5089407768526848
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/jpegxl_anim_dec.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/jpegxl_anim_dec.c b/libavformat/jpegxl_anim_de=
c.c
> > index ac95d3b9617..3045167e1f9 100644
> > --- a/libavformat/jpegxl_anim_dec.c
> > +++ b/libavformat/jpegxl_anim_dec.c
> > @@ -77,7 +77,7 @@ static int jpegxl_anim_read_header(AVFormatContext *s)
> >      JXLAnimDemuxContext *ctx =3D s->priv_data;
> >      AVIOContext *pb =3D s->pb;
> >      AVStream *st;
> > -    uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE];
> > +    uint8_t head[256 + AV_INPUT_BUFFER_PADDING_SIZE] =3D {0};
> >      const int sizeofhead =3D sizeof(head) - AV_INPUT_BUFFER_PADDING_SI=
ZE;
> >      int headsize =3D 0, ret;
> >      FFJXLMetadata meta =3D { 0 };
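Review bot: The `= {0}` initializer on `head` clears all 256 + AV_INPUT_BUFFER_PADDING_SIZE bytes on every call, while the `sizeofhead` and `headsize` declarations right below it suggest that the leading bytes are filled from input and only the tail past `headsize`, including the padding, can be left unwritten. Consider zeroing just that tail once `headsize` is known, for example `memset(head + headsize, 0, sizeof(head) - headsize);`, which keeps the fix scoped to the bytes that are actually uninitialized and makes the intent explicit. The commit message names the sanitizer finding but not which read consumes the unwritten bytes; a sentence on that would help, since the hunk does not show it.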
> > --
> > 2.45.2
>
> Not sure it is required to zero the whole buffer. I sent an
> alternative patch some time ago, which clears only the relevant area.
> https://patchwork.ffmpeg.org/project/ffmpeg/patch/20240627004037.1336-4-kasper93@gmail.com/

I'll apply yours then instead

thx

[...]
--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I am the wisest man alive, for I know one thing, and that is that I know
nothing. -- Socrates

--FFJq4JBCEm+n5/He
Content-Type: application/pgp-signature; name="signature.asc"


--FFJq4JBCEm+n5/He--

--===============7965247091518761864==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline


--===============7965247091518761864==--