[FFmpeg-cvslog] indeo3: initialise pixel planes on allocation
Kostya Shishkov
git at videolan.org
Thu Feb 14 15:30:24 CET 2013
ffmpeg | branch: release/0.10 | Kostya Shishkov <kostya.shishkov at gmail.com> | Mon May 14 19:33:03 2012 +0200| [a94f789c334ce35d7243f76b6bc982ba38289ec8] | committer: Anton Khirnov
indeo3: initialise pixel planes on allocation
This prevents decoder from reading garbage from it in case of errors later.
(cherry picked from commit 81064a8045028838fd32d18490034c207c8ecc06)
Fixes an invalid read on sample from CVE-2012-2804
Signed-off-by: Anton Khirnov <anton at khirnov.net>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a94f789c334ce35d7243f76b6bc982ba38289ec8
---
libavcodec/indeo3.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c
index 48e5810..2aa8d95 100644
--- a/libavcodec/indeo3.c
+++ b/libavcodec/indeo3.c
@@ -194,6 +194,8 @@ static av_cold int allocate_frame_buffers(Indeo3DecodeContext *ctx,
/* set buffer pointers = buf_ptr + pitch and thus skip the INTRA prediction line */
ctx->planes[p].pixels[0] = ctx->planes[p].buffers[0] + ctx->planes[p].pitch;
ctx->planes[p].pixels[1] = ctx->planes[p].buffers[1] + ctx->planes[p].pitch;
+ memset(ctx->planes[p].pixels[0], 0, ctx->planes[p].pitch * ctx->planes[p].height);
+ memset(ctx->planes[p].pixels[1], 0, ctx->planes[p].pitch * ctx->planes[p].height);
}
return 0;
More information about the ffmpeg-cvslog
mailing list