[FFmpeg-devel] [PATCH 1/3] avformat/iamf_parse: clear padding
Michael Niedermayer
michael at niedermayer.cc
Sun Aug 18 19:44:15 EEST 2024
On Wed, Aug 14, 2024 at 12:07:04PM -0300, James Almer wrote:
> On 8/14/2024 11:34 AM, Michael Niedermayer wrote:
> > Fixes: use of uninitialized value
> > Fixes: 70929/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5931276639469568
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavformat/iamf_parse.c | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
> > index 296e49157b0..f2b6d4fa518 100644
> > --- a/libavformat/iamf_parse.c
> > +++ b/libavformat/iamf_parse.c
> > @@ -1076,6 +1076,7 @@ int ff_iamfdec_read_descriptors(IAMFContext *c, AVIOContext *pb,
> > size = avio_read(pb, header, FFMIN(MAX_IAMF_OBU_HEADER_SIZE, max_size));
> > if (size < 0)
> > return size;
> > + memset(header + size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
> > len = ff_iamf_parse_obu_header(header, size, &obu_size, &start_pos, &type, NULL, NULL);
> > if (len < 0 || obu_size > max_size) {
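Review bot: The added memset writes AV_INPUT_BUFFER_PADDING_SIZE bytes starting at header + size, and size can be as large as MAX_IAMF_OBU_HEADER_SIZE, but the declaration of header is outside this hunk. Please confirm the buffer holds at least MAX_IAMF_OBU_HEADER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE bytes, otherwise the clear itself writes out of bounds. A one-line comment above the memset saying that ff_iamf_parse_obu_header may read past size into the padding would also help, since the commit message only says "use of uninitialized value" and does not name the reader that touches those bytes.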
>
> I assume get_bits() reads into the padding?
from memory, yes
>
> Should be ok.
will apply
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety -- Benjamin Franklin