[FFmpeg-devel] [PATCH 5/6] tools/target_dec_fuzzer: Use av_buffer_allocz() to avoid missing slices to have unpredictable content
James Almer
jamrial at gmail.com
Thu Aug 8 20:13:12 EEST 2024
On 8/6/2024 7:18 PM, Michael Niedermayer wrote:
> Fixes: use of uninitialized values
> Fixes: 70885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP6F_fuzzer-4610946029387776 (and likely others)
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> tools/target_dec_fuzzer.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
> index d2d7e21dac7..794b5b92cc7 100644
> --- a/tools/target_dec_fuzzer.c
> +++ b/tools/target_dec_fuzzer.c
> @@ -129,7 +129,7 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
>
> frame->extended_data = frame->data;
> for (i = 0; i < 4 && size[i]; i++) {
> - frame->buf[i] = av_buffer_alloc(size[i]);
> + frame->buf[i] = av_buffer_allocz(size[i]);
> if (!frame->buf[i])
> goto fail;
> frame->data[i] = frame->buf[i]->data;
Wouldn't this hide actual decoder bugs too?
More information about the ffmpeg-devel
mailing list