[FFmpeg-cvslog] tools/target_dec_fuzzer: Use av_buffer_allocz() to avoid missing slices to have unpredictable content

Michael Niedermayer git at videolan.org
Sat Aug 10 16:05:32 EEST 2024


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Aug  7 00:18:52 2024 +0200| [1b8d95da3a4a5c9441238928a36b653da693c286] | committer: Michael Niedermayer

tools/target_dec_fuzzer: Use av_buffer_allocz() to avoid missing slices to have unpredictable content

This matches production code which also zeros these buffers

Fixes: use of uninitialized values
Fixes: 70885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP6F_fuzzer-4610946029387776 (and likely others)

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b8d95da3a4a5c9441238928a36b653da693c286
---

 tools/target_dec_fuzzer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index d2d7e21dac..794b5b92cc 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -129,7 +129,7 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
 
     frame->extended_data = frame->data;
     for (i = 0; i < 4 && size[i]; i++) {
-        frame->buf[i] = av_buffer_alloc(size[i]);
+        frame->buf[i] = av_buffer_allocz(size[i]);
         if (!frame->buf[i])
             goto fail;
         frame->data[i] = frame->buf[i]->data;



More information about the ffmpeg-cvslog mailing list