[FFmpeg-cvslog] flashsv: Initialize the block array
Luca Barbato
git at videolan.org
Tue Nov 10 18:02:17 CET 2015
ffmpeg | branch: master | Luca Barbato <lu_zero at gentoo.org> | Sun Nov 1 04:07:48 2015 +0100| [50d2a3b5f34e6f99e5ffe17f2be5eb1815555960] | committer: Luca Barbato
flashsv: Initialize the block array
Otherwise flashsv2_prime could be fed random data.
Bug-Id: 908
CC: libav-stable at libav.org
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=50d2a3b5f34e6f99e5ffe17f2be5eb1815555960
---
libavcodec/flashsv.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/libavcodec/flashsv.c b/libavcodec/flashsv.c
index ee854ac..2cf8f3f 100644
--- a/libavcodec/flashsv.c
+++ b/libavcodec/flashsv.c
@@ -339,12 +339,14 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data,
s->is_keyframe = (avpkt->flags & AV_PKT_FLAG_KEY) && (s->ver == 2);
if (s->is_keyframe) {
int err;
+ int nb_blocks = (v_blocks + !!v_part) *
+ (h_blocks + !!h_part) * sizeof(s->blocks[0]);
if ((err = av_reallocp(&s->keyframedata, avpkt->size)) < 0)
return err;
memcpy(s->keyframedata, avpkt->data, avpkt->size);
- if ((err = av_reallocp(&s->blocks, (v_blocks + !!v_part) *
- (h_blocks + !!h_part) * sizeof(s->blocks[0]))) < 0)
+ if ((err = av_reallocp(&s->blocks, nb_blocks)) < 0)
return err;
+ memset(s->blocks, 0, nb_blocks);
}
ff_dlog(avctx, "image: %dx%d block: %dx%d num: %dx%d part: %dx%d\n",
More information about the ffmpeg-cvslog
mailing list