* [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space
@ 2024-08-04 20:53 Michael Niedermayer
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 2/8] avformat/mpeg: Check an avio_read() for failure Michael Niedermayer
` (7 more replies)
0 siblings, 8 replies; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-04 20:53 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70842/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APAC_fuzzer-5758325067677696
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/apac.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/apac.c b/libavcodec/apac.c
index f740fb5553b..068ad095300 100644
--- a/libavcodec/apac.c
+++ b/libavcodec/apac.c
@@ -159,6 +159,7 @@ static int apac_decode(AVCodecContext *avctx, AVFrame *frame,
buf = &s->bitstream[s->bitstream_index];
buf_size += s->bitstream_size;
s->bitstream_size = buf_size;
+ memset(buf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
frame->nb_samples = s->bitstream_size * 16 * 8;
if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
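Review bot: the memset writes AV_INPUT_BUFFER_PADDING_SIZE bytes at buf + buf_size, which is s->bitstream[s->bitstream_index + buf_size]; nothing in this hunk shows that s->bitstream was allocated with that much slack beyond the largest value bitstream_index + bitstream_size can reach, so the commit message should say where that guarantee comes from, or an av_assert0 on the bound should precede the memset. A second line in the message would also help: because buf starts at bitstream_index, the bytes past the end are not only never-written heap but leftovers of earlier packets, which is why the clear has to run on every append rather than once at allocation.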
--
2.45.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 13+ messages in thread
* [FFmpeg-devel] [PATCH 2/8] avformat/mpeg: Check an avio_read() for failure
2024-08-04 20:53 [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
@ 2024-08-04 20:53 ` Michael Niedermayer
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 3/8] avformat/img2dec: Clear padding data after EOF Michael Niedermayer
` (6 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-04 20:53 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70849/clusterfuzz-testcase-minimized-ffmpeg_dem_MPEGPS_fuzzer-4684401009557504
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/mpeg.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/libavformat/mpeg.c b/libavformat/mpeg.c
index c3dff3e4ea2..262e398fa5e 100644
--- a/libavformat/mpeg.c
+++ b/libavformat/mpeg.c
@@ -566,7 +566,9 @@ redo:
static const unsigned char avs_seqh[4] = { 0, 0, 1, 0xb0 };
unsigned char buf[8];
- avio_read(s->pb, buf, 8);
+ ret = avio_read(s->pb, buf, 8);
+ if (ret < 0)
+ return ret;
avio_seek(s->pb, -8, SEEK_CUR);
if (!memcmp(buf, avs_seqh, 4) && (buf[6] != 0 || buf[7] != 1))
codec_id = AV_CODEC_ID_CAVS;
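Review bot: checking only ret < 0 leaves the short-read case open. avio_read() can return fewer than 8 bytes at end of stream without reporting an error; then buf[6] and buf[7] are still read uninitialized on the memcmp line, and avio_seek(s->pb, -8, SEEK_CUR) rewinds past the position the probe started from. Suggest `if (ret != 8) return ret < 0 ? ret : AVERROR_INVALIDDATA;` (or treat a short read as "not CAVS" and skip the probe). Also confirm that `ret` is declared in this scope; the hunk context does not show it.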
--
2.45.2
* [FFmpeg-devel] [PATCH 3/8] avformat/img2dec: Clear padding data after EOF
2024-08-04 20:53 [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 2/8] avformat/mpeg: Check an avio_read() for failure Michael Niedermayer
@ 2024-08-04 20:53 ` Michael Niedermayer
2024-08-05 0:10 ` Kacper Michajlow
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 4/8] avcodec/parser: clear padding in combine frame Michael Niedermayer
` (5 subsequent siblings)
7 siblings, 1 reply; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-04 20:53 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavformat/img2dec.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c
index 20b1bc31f6a..3389fa818e9 100644
--- a/libavformat/img2dec.c
+++ b/libavformat/img2dec.c
@@ -563,6 +563,7 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt)
}
goto fail;
} else {
+ memset(pkt->data + pkt->size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
s->img_count++;
s->img_number++;
s->pts++;
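Review bot: the subject says "after EOF", but the memset sits in the else branch, which from the context is the path that did not `goto fail`; the commit message should explain why the padding needs re-clearing on the success path, for instance that pkt->size may have been reduced by a short read so the bytes at pkt->data + pkt->size are former payload space rather than the padding the packet allocator zeroed. The hunk also assumes AV_INPUT_BUFFER_PADDING_SIZE bytes of slack past pkt->size, which holds for packets from av_new_packet() but is worth stating in a one-line comment above the memset.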
--
2.45.2
* [FFmpeg-devel] [PATCH 4/8] avcodec/parser: clear padding in combine frame
2024-08-04 20:53 [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 2/8] avformat/mpeg: Check an avio_read() for failure Michael Niedermayer
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 3/8] avformat/img2dec: Clear padding data after EOF Michael Niedermayer
@ 2024-08-04 20:53 ` Michael Niedermayer
2024-08-05 0:02 ` Kacper Michajlow
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 5/8] avcodec/shorten: clear padding Michael Niedermayer
` (4 subsequent siblings)
7 siblings, 1 reply; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-04 20:53 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/parser.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/parser.c b/libavcodec/parser.c
index af17ee9c156..426cc314fb0 100644
--- a/libavcodec/parser.c
+++ b/libavcodec/parser.c
@@ -236,6 +236,7 @@ int ff_combine_frame(ParseContext *pc, int next,
}
pc->buffer = new_buffer;
memcpy(&pc->buffer[pc->index], *buf, *buf_size);
+ memset(&pc->buffer[pc->index + *buf_size], 0, AV_INPUT_BUFFER_PADDING_SIZE);
pc->index += *buf_size;
return -1;
}
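Review bot: the memset assumes new_buffer was (re)allocated with AV_INPUT_BUFFER_PADDING_SIZE bytes beyond pc->index + *buf_size; the allocation line is outside the hunk, so either cite its size in the commit message or move the clear next to the allocation so the two sizes live in one place. This is the `return -1` (frame still incomplete) path; please check that the complete-frame path later in ff_combine_frame leaves the buffer with the same guarantee, otherwise the fuzzer will find the other branch next.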
--
2.45.2
* [FFmpeg-devel] [PATCH 5/8] avcodec/shorten: clear padding
2024-08-04 20:53 [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
` (2 preceding siblings ...)
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 4/8] avcodec/parser: clear padding in combine frame Michael Niedermayer
@ 2024-08-04 20:53 ` Michael Niedermayer
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 6/8] avcodec/vc1dec: Clear mb_type_base and ttblk_base Michael Niedermayer
` (3 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-04 20:53 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70854/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SHORTEN_fuzzer-5533480570650624
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/shorten.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 102992e2b2c..12a179156a7 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -563,6 +563,7 @@ static int shorten_decode_frame(AVCodecContext *avctx, AVFrame *frame,
buf = &s->bitstream[s->bitstream_index];
buf_size += s->bitstream_size;
s->bitstream_size = buf_size;
+ memset(buf + buf_size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
/* do not decode until buffer has at least max_framesize bytes or
* the end of the file has been reached */
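Review bot: same memset shape as the apac hunk; the comment right below says decoding waits until the buffer holds max_framesize bytes, so the slack s->bitstream needs is bitstream_index + that accumulated size + AV_INPUT_BUFFER_PADDING_SIZE, and the allocation that provides it is not in the hunk. Suggest either a short comment above the memset naming the allocation size it relies on, or an av_assert0 that bitstream_index + buf_size + AV_INPUT_BUFFER_PADDING_SIZE fits the allocation, so the invariant is enforced rather than implied.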
--
2.45.2
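Added illustration, written for this page and not taken from FFmpeg or from the patches above: a self-contained C model of the leftover-bitstream pattern that patches 1/8 (apac) and 5/8 (shorten) fix, which also covers the packet and parser cases in 3/8 and 4/8. PADDING_SIZE is a hypothetical stand-in for AV_INPUT_BUFFER_PADDING_SIZE, the Accum type is a toy version of the decoders' bitstream/bitstream_index buffer, and the 0xAA fill is a constructed substitute for the uninitialized heap contents MSan reports on; the fixed-width reader mimics a cached bit reader that always fetches a whole word and so touches the padding when fewer than four data bytes remain.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for FFmpeg's AV_INPUT_BUFFER_PADDING_SIZE: the number
 * of bytes past the end of the data that a reader is allowed to touch. */
#define PADDING_SIZE 64
#define MAX_DATA     256

/* Accumulating bitstream buffer in the style of the apac/shorten decoders:
 * undecoded bytes from the previous call stay at the front of the buffer and
 * new input is appended behind them. */
typedef struct Accum {
    uint8_t data[MAX_DATA + PADDING_SIZE];
    size_t  size;   /* bytes of real data currently in the buffer */
} Accum;

/* Append n input bytes. With clear_padding set this does what the patches in
 * this thread do: zero PADDING_SIZE bytes past the new end, so a reader that
 * fetches a fixed-width word at the tail sees defined, deterministic bytes.
 * Returns 0, or -1 when the input does not fit. */
static int accum_append(Accum *a, const uint8_t *in, size_t n, int clear_padding)
{
    if (n > MAX_DATA - a->size)
        return -1;
    memcpy(a->data + a->size, in, n);
    a->size += n;
    if (clear_padding)
        memset(a->data + a->size, 0, PADDING_SIZE);
    return 0;
}

/* Drop the first n bytes once they are decoded and move the remainder to the
 * front (the "keep leftover for the next call" step). The padding is NOT
 * re-zeroed here on purpose: bytes that used to be data now sit past the new
 * end, which is exactly why the decoders re-clear padding after every append. */
static void accum_consume(Accum *a, size_t n)
{
    if (n > a->size)
        n = a->size;
    memmove(a->data, a->data + n, a->size - n);
    a->size -= n;
}

/* Fixed-width fetch, like a cached bit reader that always pulls 32 bits: when
 * fewer than four data bytes remain it reads into the padding region.
 * pos + 3 stays below MAX_DATA + PADDING_SIZE for every pos used here. */
static uint32_t read_u32_at(const Accum *a, size_t pos)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v = (v << 8) | a->data[pos + i];
    return v;
}

/* Word a reader sees at the tail of a two-byte payload. The buffer is
 * pre-filled with 0xAA as a constructed stand-in for stale heap contents. */
uint32_t tail_word(int clear_padding)
{
    Accum a;
    const uint8_t payload[2] = { 0x01, 0x02 };   /* constructed sample input */
    memset(a.data, 0xAA, sizeof(a.data));
    a.size = 0;
    if (accum_append(&a, payload, sizeof(payload), clear_padding) < 0)
        return 0;
    return read_u32_at(&a, 0);
}

/* Same experiment across two calls: 6 bytes arrive, 4 are decoded and
 * consumed, then 1 more byte arrives. Old data left behind by the memmove
 * leaks into the reader's word unless the padding is re-cleared. */
uint32_t tail_word_after_consume(int clear_padding)
{
    Accum a;
    const uint8_t first[6]  = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66 };  /* constructed */
    const uint8_t second[1] = { 0x77 };                                  /* constructed */
    memset(a.data, 0xAA, sizeof(a.data));
    a.size = 0;
    accum_append(&a, first, sizeof(first), clear_padding);
    accum_consume(&a, 4);                                     /* leftover: 55 66 */
    accum_append(&a, second, sizeof(second), clear_padding);  /* now: 55 66 77 */
    return read_u32_at(&a, 0);
}

int main(void)
{
    printf("no clear:   %08x %08x\n", tail_word(0), tail_word_after_consume(0));
    printf("with clear: %08x %08x\n", tail_word(1), tail_word_after_consume(1));
    return 0;
}
```

Without the clear the trailing bytes of the fetched word depend on whatever was in memory before (0xAA here, anything in practice), and after a consume they are bytes of the previous packet; with the clear they are always zero, which is the property the decoders rely on when their bit reader runs past the end of the real data.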
* [FFmpeg-devel] [PATCH 6/8] avcodec/vc1dec: Clear mb_type_base and ttblk_base
2024-08-04 20:53 [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
` (3 preceding siblings ...)
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 5/8] avcodec/shorten: clear padding Michael Niedermayer
@ 2024-08-04 20:53 ` Michael Niedermayer
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 7/8] avcodec/aic: Clear slice_data Michael Niedermayer
` (2 subsequent siblings)
7 siblings, 0 replies; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-04 20:53 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: two use-of-uninitialized-value
Fixes: 70856/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VC1IMAGE_fuzzer-5539349918187520
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/vc1dec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/vc1dec.c b/libavcodec/vc1dec.c
index 4b31860c3fe..5f1a5bd437c 100644
--- a/libavcodec/vc1dec.c
+++ b/libavcodec/vc1dec.c
@@ -379,7 +379,7 @@ static av_cold int vc1_decode_init_alloc_tables(VC1Context *v)
if (!v->block || !v->cbp_base)
return AVERROR(ENOMEM);
v->cbp = v->cbp_base + 2 * s->mb_stride;
- v->ttblk_base = av_malloc(sizeof(v->ttblk_base[0]) * 3 * s->mb_stride);
+ v->ttblk_base = av_mallocz(sizeof(v->ttblk_base[0]) * 3 * s->mb_stride);
if (!v->ttblk_base)
return AVERROR(ENOMEM);
v->ttblk = v->ttblk_base + 2 * s->mb_stride;
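Review bot: av_mallocz makes the first frame deterministic, but ttblk is used through an offset of 2 * s->mb_stride into a table that persists across frames, so any frame that writes only part of it (a truncated or errored slice, a smaller coded area) leaves values from the previous frame behind; that counts as initialized for MSan but is still attacker-influenced history. Worth a sentence in the commit message on whether every decode path fully rewrites ttblk, or whether the table should be cleared per frame instead.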
@@ -393,7 +393,7 @@ static av_cold int vc1_decode_init_alloc_tables(VC1Context *v)
v->luma_mv = v->luma_mv_base + 2 * s->mb_stride;
/* allocate block type info in that way so it could be used with s->block_index[] */
- v->mb_type_base = av_malloc(s->b8_stride * (mb_height * 2 + 1) + s->mb_stride * (mb_height + 1) * 2);
+ v->mb_type_base = av_mallocz(s->b8_stride * (mb_height * 2 + 1) + s->mb_stride * (mb_height + 1) * 2);
if (!v->mb_type_base)
return AVERROR(ENOMEM);
v->mb_type[0] = v->mb_type_base + s->b8_stride + 1;
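Review bot: same question for mb_type_base: the size expression `s->b8_stride * (mb_height * 2 + 1) + s->mb_stride * (mb_height + 1) * 2` is unchanged and is still evaluated in int before it widens to av_mallocz's size_t parameter, as it was before, so the only behavioural change is the zero-fill of the first use. If v->mb_type[0] is read for macroblocks a later frame never wrote, stale per-frame state remains; a one-line note on which path reinitializes it would close that.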
--
2.45.2
* [FFmpeg-devel] [PATCH 7/8] avcodec/aic: Clear slice_data
2024-08-04 20:53 [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
` (4 preceding siblings ...)
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 6/8] avcodec/vc1dec: Clear mb_type_base and ttblk_base Michael Niedermayer
@ 2024-08-04 20:53 ` Michael Niedermayer
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 8/8] avcodec/alsdec: clear last_acf_mantissa Michael Niedermayer
2024-08-14 15:10 ` [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
7 siblings, 0 replies; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-04 20:53 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70865/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AIC_fuzzer-4874102695854080
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/aic.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/libavcodec/aic.c b/libavcodec/aic.c
index 3ff170b414f..e12d689c478 100644
--- a/libavcodec/aic.c
+++ b/libavcodec/aic.c
@@ -465,8 +465,7 @@ static av_cold int aic_decode_init(AVCodecContext *avctx)
}
}
- ctx->slice_data = av_malloc_array(ctx->slice_width, AIC_BAND_COEFFS
- * sizeof(*ctx->slice_data));
+ ctx->slice_data = av_calloc(ctx->slice_width, AIC_BAND_COEFFS * sizeof(*ctx->slice_data));
if (!ctx->slice_data) {
av_log(avctx, AV_LOG_ERROR, "Error allocating slice buffer\n");
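Review bot: av_calloc(ctx->slice_width, AIC_BAND_COEFFS * sizeof(*ctx->slice_data)) keeps the overflow-checked nmemb * size multiply that av_malloc_array had, so behaviour is unchanged apart from the zero-fill; the thing to fix is style: the new line runs well past 80 columns where the old one was wrapped, so keep the break (`av_calloc(ctx->slice_width,` / `AIC_BAND_COEFFS * sizeof(*ctx->slice_data));`). As with the other zeroing fixes in this set, say in the message whether slice_data is fully rewritten per slice or whether this only covers the first-use read.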
--
2.45.2
* [FFmpeg-devel] [PATCH 8/8] avcodec/alsdec: clear last_acf_mantissa
2024-08-04 20:53 [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
` (5 preceding siblings ...)
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 7/8] avcodec/aic: Clear slice_data Michael Niedermayer
@ 2024-08-04 20:53 ` Michael Niedermayer
2024-08-14 15:10 ` [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
7 siblings, 0 replies; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-04 20:53 UTC (permalink / raw)
To: FFmpeg development discussions and patches
Fixes: use-of-uninitialized-value
Fixes: 70869/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-5476567461986304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
libavcodec/alsdec.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index f4f67917d76..28f20799854 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -2112,7 +2112,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
ctx->acf = av_malloc_array(channels, sizeof(*ctx->acf));
ctx->shift_value = av_calloc(channels, sizeof(*ctx->shift_value));
ctx->last_shift_value = av_calloc(channels, sizeof(*ctx->last_shift_value));
- ctx->last_acf_mantissa = av_malloc_array(channels, sizeof(*ctx->last_acf_mantissa));
+ ctx->last_acf_mantissa = av_calloc(channels, sizeof(*ctx->last_acf_mantissa));
ctx->raw_mantissa = av_calloc(channels, sizeof(*ctx->raw_mantissa));
ctx->larray = av_malloc_array(ctx->cur_frame_length * 4, sizeof(*ctx->larray));
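Review bot: last_acf_mantissa now matches the av_calloc pattern used for shift_value, last_shift_value and raw_mantissa in the same block, but ctx->acf (the line above) and ctx->larray are still av_malloc_array; if both are written before they are read on every path this is fine, but the commit message should say so, otherwise the same fuzzer will come back for them. The NULL checks for this group of allocations are outside the hunk; confirm they cover the changed line.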
--
2.45.2
* Re: [FFmpeg-devel] [PATCH 4/8] avcodec/parser: clear padding in combine frame
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 4/8] avcodec/parser: clear padding in combine frame Michael Niedermayer
@ 2024-08-05 0:02 ` Kacper Michajlow
2024-08-05 19:43 ` Michael Niedermayer
0 siblings, 1 reply; 13+ messages in thread
From: Kacper Michajlow @ 2024-08-05 0:02 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Sun, 4 Aug 2024 at 22:53, Michael Niedermayer <michael@niedermayer.cc> wrote:
>
> Fixes: use-of-uninitialized-value
> Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/parser.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libavcodec/parser.c b/libavcodec/parser.c
> index af17ee9c156..426cc314fb0 100644
> --- a/libavcodec/parser.c
> +++ b/libavcodec/parser.c
> @@ -236,6 +236,7 @@ int ff_combine_frame(ParseContext *pc, int next,
> }
> pc->buffer = new_buffer;
> memcpy(&pc->buffer[pc->index], *buf, *buf_size);
> + memset(&pc->buffer[pc->index + *buf_size], 0, AV_INPUT_BUFFER_PADDING_SIZE);
> pc->index += *buf_size;
> return -1;
> }
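Review bot: one detail this placement covers that the commit message does not mention: when *buf_size is 0 the memcpy is a no-op but the memset still re-zeroes the padding at pc->index, which is harmless and in fact wanted, since the bytes at that position may be leftovers of the previous input. A comment saying the clear is intentional on the empty-input path would stop someone "optimizing" it behind an `if (*buf_size)`.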
> --
> 2.45.2
We already had a patch like that some time ago,
https://patchwork.ffmpeg.org/project/ffmpeg/patch/20240627004037.1336-2-kasper93@gmail.com/
- Kacper
* Re: [FFmpeg-devel] [PATCH 3/8] avformat/img2dec: Clear padding data after EOF
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 3/8] avformat/img2dec: Clear padding data after EOF Michael Niedermayer
@ 2024-08-05 0:10 ` Kacper Michajlow
2024-08-05 19:40 ` Michael Niedermayer
0 siblings, 1 reply; 13+ messages in thread
From: Kacper Michajlow @ 2024-08-05 0:10 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Sun, 4 Aug 2024 at 23:01, Michael Niedermayer <michael@niedermayer.cc> wrote:
>
> Fixes: use-of-uninitialized-value
> Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/img2dec.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c
> index 20b1bc31f6a..3389fa818e9 100644
> --- a/libavformat/img2dec.c
> +++ b/libavformat/img2dec.c
> @@ -563,6 +563,7 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt)
> }
> goto fail;
> } else {
> + memset(pkt->data + pkt->size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
> s->img_count++;
> s->img_number++;
> s->pts++;
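Review bot: clearing in the else branch ties the memset to the one path that hands the packet back to the caller, which is the narrower fix compared with clearing unconditionally before the branch; a short comment above the memset saying that pkt->size may be smaller than the allocation at this point would tell the next reader why an already-padded packet needs re-clearing.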
> --
> 2.45.2
I've also had this one
(https://patchwork.ffmpeg.org/project/ffmpeg/patch/20240627004037.1336-3-kasper93@gmail.com/),
but probably it is better to do it only in the else branch here. So,
LGTM.
- Kacper
* Re: [FFmpeg-devel] [PATCH 3/8] avformat/img2dec: Clear padding data after EOF
2024-08-05 0:10 ` Kacper Michajlow
@ 2024-08-05 19:40 ` Michael Niedermayer
0 siblings, 0 replies; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-05 19:40 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Mon, Aug 05, 2024 at 02:10:18AM +0200, Kacper Michajlow wrote:
> On Sun, 4 Aug 2024 at 23:01, Michael Niedermayer <michael@niedermayer.cc> wrote:
> >
> > Fixes: use-of-uninitialized-value
> > Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavformat/img2dec.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/libavformat/img2dec.c b/libavformat/img2dec.c
> > index 20b1bc31f6a..3389fa818e9 100644
> > --- a/libavformat/img2dec.c
> > +++ b/libavformat/img2dec.c
> > @@ -563,6 +563,7 @@ int ff_img_read_packet(AVFormatContext *s1, AVPacket *pkt)
> > }
> > goto fail;
> > } else {
> > + memset(pkt->data + pkt->size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
> > s->img_count++;
> > s->img_number++;
> > s->pts++;
> > --
> > 2.45.2
>
> I've also had this one
> (https://patchwork.ffmpeg.org/project/ffmpeg/patch/20240627004037.1336-3-kasper93@gmail.com/),
> but probably it is better to do it only in the else branch here. So,
> LGTM.
will apply
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The bravest are surely those who have the clearest vision
of what is before them, glory and danger alike, and yet
notwithstanding go out to meet it. -- Thucydides
* Re: [FFmpeg-devel] [PATCH 4/8] avcodec/parser: clear padding in combine frame
2024-08-05 0:02 ` Kacper Michajlow
@ 2024-08-05 19:43 ` Michael Niedermayer
0 siblings, 0 replies; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-05 19:43 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Mon, Aug 05, 2024 at 02:02:07AM +0200, Kacper Michajlow wrote:
> On Sun, 4 Aug 2024 at 22:53, Michael Niedermayer <michael@niedermayer.cc> wrote:
> >
> > Fixes: use-of-uninitialized-value
> > Fixes: 70852/clusterfuzz-testcase-minimized-ffmpeg_IO_DEMUXER_fuzzer-5179190066872320
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavcodec/parser.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/libavcodec/parser.c b/libavcodec/parser.c
> > index af17ee9c156..426cc314fb0 100644
> > --- a/libavcodec/parser.c
> > +++ b/libavcodec/parser.c
> > @@ -236,6 +236,7 @@ int ff_combine_frame(ParseContext *pc, int next,
> > }
> > pc->buffer = new_buffer;
> > memcpy(&pc->buffer[pc->index], *buf, *buf_size);
> > + memset(&pc->buffer[pc->index + *buf_size], 0, AV_INPUT_BUFFER_PADDING_SIZE);
> > pc->index += *buf_size;
> > return -1;
> > }
> > --
> > 2.45.2
>
> We already had patch like that some time ago,
> https://patchwork.ffmpeg.org/project/ffmpeg/patch/20240627004037.1336-2-kasper93@gmail.com/
will apply yours, somehow I missed these
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
What does censorship reveal? It reveals fear. -- Julian Assange
* Re: [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space
2024-08-04 20:53 [FFmpeg-devel] [PATCH 1/8] avcodec/apac: Clean padding space Michael Niedermayer
` (6 preceding siblings ...)
2024-08-04 20:53 ` [FFmpeg-devel] [PATCH 8/8] avcodec/alsdec: clear last_acf_mantissa Michael Niedermayer
@ 2024-08-14 15:10 ` Michael Niedermayer
7 siblings, 0 replies; 13+ messages in thread
From: Michael Niedermayer @ 2024-08-14 15:10 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On Sun, Aug 04, 2024 at 10:53:02PM +0200, Michael Niedermayer wrote:
> Fixes: use-of-uninitialized-value
> Fixes: 70842/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_APAC_fuzzer-5758325067677696
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavcodec/apac.c | 1 +
> 1 file changed, 1 insertion(+)
will apply the remaining 6 patches of this set
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Rewriting code that is poorly written but fully understood is good.
Rewriting code that one doesn't understand is a sign that one is less smart
than the original author, trying to rewrite it will not make it better.