[FFmpeg-devel] [PATCH] avcodec/mpeg12dec: Fix uninitialized data in fate-sub-cc-scte20

James Almer jamrial at gmail.com
Sat Jun 27 19:02:52 EEST 2020


On 6/27/2020 12:46 PM, lance.lmwang at gmail.com wrote:
> From: Limin Wang <lance.lmwang at gmail.com>
> 
> The issue is introduced from a705bcd763e344fa, please test with the command line below:
> make V=1 fate-sub-cc-scte20 TARGET_EXEC="valgrind --error-exitcode=1"
> 
> Reported-by:   Martin Storsjö <martin at martin.st>
> Signed-off-by: Limin Wang <lance.lmwang at gmail.com>
> ---
>  libavcodec/mpeg12dec.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
> index f0f92ac..2562027 100644
> --- a/libavcodec/mpeg12dec.c
> +++ b/libavcodec/mpeg12dec.c
> @@ -2276,6 +2276,8 @@ static int mpeg_decode_a53_cc(AVCodecContext *avctx,
>              if (ret >= 0) {
>                  uint8_t field, cc1, cc2;
>                  uint8_t *cap = s1->a53_buf_ref->data;
> +
> +                memset(s1->a53_buf_ref->data + old_size, 0, cc_count * UINT64_C(3));

Why is zeroing needed now to prevent use of uninitialized values but not
before this patch? Wouldn't it hint at some issue in your port to
AVBufferRef?

Did you for example make sure to read and write in the correct place in
the reallocated buffer when you're appending new captions to it?

>                  for (i = 0; i < cc_count && get_bits_left(&gb) >= 26; i++) {
>                      skip_bits(&gb, 2); // priority
>                      field = get_bits(&gb, 2);
> 
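Review bot: the memset zeroes the region starting at `s1->a53_buf_ref->data + old_size`, yet two lines above it `cap` is still initialised to `s1->a53_buf_ref->data`, so the loop that fills captions through `cap` starts at the beginning of the buffer while the freshly allocated tail at `old_size` is only ever touched by the memset. If this is the append path, the fix belongs in the write pointer (`uint8_t *cap = s1->a53_buf_ref->data + old_size;`) rather than in zero-filling the tail: the memset makes valgrind stop reporting the uninitialised read, but the new captions would then still land over the old ones at the start of the buffer. Please also confirm that `cc_count * UINT64_C(3)` matches the amount by which the buffer was grown to `old_size`, since that reallocation is not visible in this hunk.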