[FFmpeg-cvslog] tools/target_dec_fuzzer: Use av_buffer_allocz() to avoid missing slices to have unpredictable content
Michael Niedermayer
git at videolan.org
Sat Aug 10 16:05:32 EEST 2024
ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Aug 7 00:18:52 2024 +0200| [1b8d95da3a4a5c9441238928a36b653da693c286] | committer: Michael Niedermayer
tools/target_dec_fuzzer: Use av_buffer_allocz() to avoid missing slices to have unpredictable content
This matches production code which also zeros these buffers
Fixes: use of uninitialized values
Fixes: 70885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP6F_fuzzer-4610946029387776 (and likely others)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1b8d95da3a4a5c9441238928a36b653da693c286
---
tools/target_dec_fuzzer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index d2d7e21dac..794b5b92cc 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -129,7 +129,7 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
frame->extended_data = frame->data;
for (i = 0; i < 4 && size[i]; i++) {
- frame->buf[i] = av_buffer_alloc(size[i]);
+ frame->buf[i] = av_buffer_allocz(size[i]);
if (!frame->buf[i])
goto fail;
frame->data[i] = frame->buf[i]->data;
More information about the ffmpeg-cvslog
mailing list