From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id D6F134753A
	for <ffmpegdev@gitmailbox.com>; Thu,  8 Aug 2024 17:13:19 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id EFD2168D9BF;
	Thu,  8 Aug 2024 20:13:16 +0300 (EEST)
Received: from mail-pl1-f182.google.com (mail-pl1-f182.google.com
 [209.85.214.182])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CBB7868D99F
 for <ffmpeg-devel@ffmpeg.org>; Thu,  8 Aug 2024 20:13:09 +0300 (EEST)
Received: by mail-pl1-f182.google.com with SMTP id
 d9443c01a7336-1fc5549788eso11755775ad.1
 for <ffmpeg-devel@ffmpeg.org>; Thu, 08 Aug 2024 10:13:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1723137187; x=1723741987; darn=ffmpeg.org;
 h=content-transfer-encoding:in-reply-to:from:content-language
 :references:to:subject:user-agent:mime-version:date:message-id:from
 :to:cc:subject:date:message-id:reply-to;
 bh=pIIAoeiU40wEiFbPIVmdDQMZ/1QLa5WVXvFXYkRlknM=;
 b=hEf7wyCJzOw41nK18G3/Lir1yMvsCsP8JxTaI8TBpVRZp0A+HM/v53feX9Pdkt+ttU
 PkZSO7YXvZQeuzJI6OwppKp5BA23Uv7jaLUG1//u+KthctzBCBXGgTSm1exti+8Ygydr
 JmlaFwUEkVbJDki+B9WvAL8rd5Ju9/x76SPzfmDXcInpPpvlT8vnZ6lQRgWylrdC/FSD
 3EZjUQMGMP5OL2Fe4FIYpDzknflaNWHWzNdtHznc3brO+RjCSxC0B31L47xGyiw1gr/G
 ekKG+rp2M6u1XKwjzEi8XUB6/+4dQfHzo7cSU7BesyMhjvpdqcz83ehFzb9Rh0A20CVn
 OGkQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1723137187; x=1723741987;
 h=content-transfer-encoding:in-reply-to:from:content-language
 :references:to:subject:user-agent:mime-version:date:message-id
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=pIIAoeiU40wEiFbPIVmdDQMZ/1QLa5WVXvFXYkRlknM=;
 b=MWVjaIOM/WAQp9RemhVw6xO9WiTLidUyOFSCn1Vt/7aZPpBA/n4OCe0EFrdaKUotwX
 J1tOA7o9Ks9SACanfDbnzF0qvbT6js4oOLHN7+aRI8ClX9PVX4OoshVW6IQoUSQNjW9h
 0oc92Us7Sth0/VsFsgURbDlRGtl47tDsRdVb1lYk7oEQqhclERxq/kdoHM8tgQLsmqz3
 kXr04i39lqQHLeo4OLZKUAueNDlLUvzymqIABHln5UYCqUmbhhDPYliXUdm0lE9eDGU/
 TL3ucaUWobyg5T0NHPptvZEOEJaS0CPR0ncJjX7IEeGUHXvmpoO8N3vPGEZzjoWGxx0j
 4SCQ==
X-Gm-Message-State: AOJu0YzfPuzk9ba4cSdflqeucXDWEcdcSLk+GdoSlElOLEE3aqaO47KJ
 frWymGJrDZJHgRk5uRVhJ9bzDvs2ANL/fsQcNpTWDZW/BCNRTw1cr7Exbw==
X-Google-Smtp-Source: AGHT+IHeszMjr/6D6Gp9FOoBEISxBsTDtguClCVtvihXSAuyyTe0rGgDZ+Q7UfIlQuXEezpumxYvpQ==
X-Received: by 2002:a17:902:f68a:b0:1fd:6848:bc35 with SMTP id
 d9443c01a7336-2009527d320mr28609115ad.33.1723137186751; 
 Thu, 08 Aug 2024 10:13:06 -0700 (PDT)
Received: from [192.168.0.14] ([190.194.167.233])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-1ff58f58702sm127527925ad.103.2024.08.08.10.13.05
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Thu, 08 Aug 2024 10:13:06 -0700 (PDT)
Message-ID: <79221741-358b-4c9a-9782-51799f2eb416@gmail.com>
Date: Thu, 8 Aug 2024 14:13:12 -0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: ffmpeg-devel@ffmpeg.org
References: <20240806221853.959177-1-michael@niedermayer.cc>
 <20240806221853.959177-5-michael@niedermayer.cc>
Content-Language: en-US
From: James Almer <jamrial@gmail.com>
In-Reply-To: <20240806221853.959177-5-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 5/6] tools/target_dec_fuzzer: Use
 av_buffer_allocz() to avoid missing slices to have unpredictable content
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/79221741-358b-4c9a-9782-51799f2eb416@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On 8/6/2024 7:18 PM, Michael Niedermayer wrote:
> Fixes: use of uninitialized values
> Fixes: 70885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP6F_fuzzer-4610946029387776 (and likely others)
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   tools/target_dec_fuzzer.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> index d2d7e21dac7..794b5b92cc7 100644
> --- a/tools/target_dec_fuzzer.c
> +++ b/tools/target_dec_fuzzer.c
> @@ -129,7 +129,7 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
>   
>       frame->extended_data = frame->data;
>       for (i = 0; i < 4 && size[i]; i++) {
> -        frame->buf[i] = av_buffer_alloc(size[i]);
> +        frame->buf[i] = av_buffer_allocz(size[i]);
>           if (!frame->buf[i])
>               goto fail;
>           frame->data[i] = frame->buf[i]->data;

Wouldn't this hide actual decoder bugs too?

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".