[FFmpeg-cvslog] avformat/asf: clear uninitialized areas of packets before returning them

Michael Niedermayer git at videolan.org
Sat Dec 14 01:56:53 CET 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Dec 13 22:31:49 2013 +0100| [f5cf0ea93a55f43b553aa7d6698936e48c6a94df] | committer: Michael Niedermayer

avformat/asf: clear uninitialized areas of packets before returning them

Fixes use of uninitialized variables
Fixes msan_uninit-mem_7f839282b6ce_7273_msn08_VBRq70_800x600.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f5cf0ea93a55f43b553aa7d6698936e48c6a94df
---

 libavformat/asf.h    |    1 +
 libavformat/asfdec.c |    6 ++++++
 2 files changed, 7 insertions(+)

diff --git a/libavformat/asf.h b/libavformat/asf.h
index 904d348..acad64d 100644
--- a/libavformat/asf.h
+++ b/libavformat/asf.h
@@ -43,6 +43,7 @@ typedef struct ASFStream {
     int timestamp;
     int64_t duration;
     int skip_to_key;
+    int pkt_clean;
 
     int ds_span;                /* descrambling  */
     int ds_packet_size;
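Review bot: The new `pkt_clean` field is added without a comment, unlike the neighbouring `ds_span`, so its meaning has to be worked out from asfdec.c. Judging from its two uses in this commit, it is cleared when a new packet is set up and set once the not-yet-filled tail of `pkt.data` has been zeroed. A comment such as `int pkt_clean; /* nonzero once the unread tail of pkt.data has been zeroed for the current packet */` would make that explicit. The ASFStream definition starts and ends outside the hunk.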
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index a9b0326..1f8b25c 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -1191,6 +1191,7 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt)
             asf_st->pkt.dts          = asf->packet_frag_timestamp - asf->hdr.preroll;
             asf_st->pkt.stream_index = asf->stream_index;
             asf_st->pkt.pos          = asf_st->packet_pos = asf->packet_pos;
+            asf_st->pkt_clean        = 0;
 
             if (asf_st->pkt.data && asf_st->palette_changed) {
                 uint8_t *pal;
@@ -1231,6 +1232,11 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt)
             continue;
         }
 
+        if (asf->packet_frag_offset != asf_st->frag_offset && !asf_st->pkt_clean) {
+            memset(asf_st->pkt.data + asf_st->frag_offset, 0, asf_st->pkt.size - asf_st->frag_offset);
+            asf_st->pkt_clean = 1;
+        }
+
         ret = avio_read(pb, asf_st->pkt.data + asf->packet_frag_offset,
                         asf->packet_frag_size);
         if (ret != asf->packet_frag_size) {
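Review bot: The length passed to the added `memset` is `asf_st->pkt.size - asf_st->frag_offset`, and nothing visible in this hunk establishes that `frag_offset` cannot exceed `pkt.size`. Both operands appear to be signed ints, so a negative difference would be converted to a very large `size_t` clear length. If checks earlier in asf_parse_packet already guarantee the bound, a short comment above the memset saying so would help; otherwise the condition could carry it itself, e.g. `&& asf_st->frag_offset < asf_st->pkt.size`. The block also relies on `asf_st->pkt.data` being non-NULL at this point, which presumably follows from the packet setup but is not shown. The function body starts and ends outside the hunk.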


