[FFmpeg-cvslog] indeo3: initialise pixel planes on allocation

Kostya Shishkov git at videolan.org
Thu Feb 14 15:30:24 CET 2013


ffmpeg | branch: release/0.10 | Kostya Shishkov <kostya.shishkov at gmail.com> | Mon May 14 19:33:03 2012 +0200| [a94f789c334ce35d7243f76b6bc982ba38289ec8] | committer: Anton Khirnov

indeo3: initialise pixel planes on allocation

This prevents the decoder from reading garbage from it in case of errors later.
(cherry picked from commit 81064a8045028838fd32d18490034c207c8ecc06)

Fixes an invalid read on sample from CVE-2012-2804

Signed-off-by: Anton Khirnov <anton at khirnov.net>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a94f789c334ce35d7243f76b6bc982ba38289ec8
---

 libavcodec/indeo3.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index 48e5810..2aa8d95 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -194,6 +194,8 @@ static av_cold int allocate_frame_buffers(Indeo3DecodeContext *ctx,
         /* set buffer pointers = buf_ptr + pitch and thus skip the INTRA prediction line */
         ctx->planes[p].pixels[0] = ctx->planes[p].buffers[0] + ctx->planes[p].pitch;
         ctx->planes[p].pixels[1] = ctx->planes[p].buffers[1] + ctx->planes[p].pitch;
+        memset(ctx->planes[p].pixels[0], 0, ctx->planes[p].pitch * ctx->planes[p].height);
+        memset(ctx->planes[p].pixels[1], 0, ctx->planes[p].pitch * ctx->planes[p].height);
     }
 
     return 0;
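
Review bot: The two added memset calls start at pixels[0] and pixels[1], which the preceding lines set to buffers[] + pitch, and write pitch * height bytes, so they stay in bounds only if each buffer was allocated with at least pitch * (height + 1) bytes. The allocation is outside this hunk, so please confirm its size expression matches, ideally by computing the size once and using it for both the allocation and the clear. The same offset means the INTRA prediction line at buffers[] is not covered by these calls; if nothing else in the function initialises it, a zeroing allocation of the whole buffer would close that gap as well. A short comment stating that the clear exists so later error paths never read uninitialised pixels would help future readers.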


