[FFmpeg-trac] #7872(avcodec:new): libavcodec/scpr.c:decompress_p Uninitialized variable access

FFmpeg trac at avcodec.org
Sun Apr 28 11:39:57 EEST 2019


#7872: libavcodec/scpr.c:decompress_p Uninitialized variable access
---------------------------------+---------------------------------------
             Reporter:  fisher   |                     Type:  defect
               Status:  new      |                 Priority:  normal
            Component:  avcodec  |                  Version:  unspecified
             Keywords:           |               Blocked By:
             Blocking:           |  Reproduced by developer:  0
Analyzed by developer:  0        |
---------------------------------+---------------------------------------
 in libavcodec/scpr.c,decompress_p function has a uninitialized variable
 |min|, decode_value() can fail without assigning a value to |min|.so in
 min += temp << 8;  Uninitialized variable access happens.

 static int decompress_p(AVCodecContext *avctx,
                         uint32_t *dst, int linesize,
                         uint32_t *prev, int plinesize)
 {
     SCPRContext *s = avctx->priv_data;
     GetByteContext *gb = &s->gb;
     int ret, temp = 0, min, max, x, y, cx = 0, cx1 = 0;
     int backstep = linesize - avctx->width;

     if (bytestream2_get_byte(gb) == 0)
         return 1;
     bytestream2_skip(gb, 1);
     init_rangecoder(&s->rc, gb);

     ret  = decode_value(s, s->range_model, 256, 1, &min);
     ret |= decode_value(s, s->range_model, 256, 1, &temp);
     min += temp << 8;

--
Ticket URL: <https://trac.ffmpeg.org/ticket/7872>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker


More information about the FFmpeg-trac mailing list