[FFmpeg-devel] [PATCH] ac3_probe input buffer overrun

Justin Ruggles justinruggles
Mon Sep 3 07:20:35 CEST 2007


Michael Niedermayer wrote:
> Hi
> 
> On Sat, Sep 01, 2007 at 01:02:37PM -0000, Wolfram Gloger wrote:
>>> Not that I can find any current valgrind bug reports like that,
>>> but in this case the memory is quite definitely uninitialized:
>> I meant: "the used memory is quite definitely uninitialized".
>>
>>> --- ffmpeg-wg/libavformat/utils.c~	2007-08-30 23:45:32.000000000 +0200
>>> +++ ffmpeg-wg/libavformat/utils.c	2007-09-01 13:00:15.000000000 +0200
>>> @@ -445,6 +445,7 @@
>>>              /* read probe data */
>>>              pd->buf= av_realloc(pd->buf, probe_size + AVPROBE_PADDING_SIZE);
>>>              pd->buf_size = get_buffer(pb, pd->buf, probe_size);
>>> +            memset(pd->buf + pd->buf_size, 0, AVPROBE_PADDING_SIZE); 
>>>              if (url_fseek(pb, 0, SEEK_SET) < 0) {
>>>                  url_fclose(pb);
>>>                  if (url_fopen(pb, filename, URL_RDONLY) < 0) {
>>>
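Review bot: the added memset() takes its offset, pd->buf_size, straight from the get_buffer() return value on the line above, with no check that it lies in 0..probe_size, and pd->buf is the unchecked result of av_realloc() two lines up. The padding write stays inside the allocation only when 0 <= pd->buf_size <= probe_size, because the buffer is probe_size + AVPROBE_PADDING_SIZE bytes. If av_realloc() returns NULL, or if get_buffer() can return a negative error value, the memset writes outside the buffer. Suggest failing out when pd->buf is NULL and clamping or rejecting a negative pd->buf_size before the memset. Minor: the added line ends with a trailing space.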
>>> should fix it too and could of course replace my patch.
>> .. and this is insufficient.  There is another case where the probe buffer
>> isn't even properly extended.  New patch attached.
> 
> patch ok

applied.



