[FFmpeg-cvslog] [ffmpeg] branch master updated. 3542260376 avcodec/scpr3: Clear clr

ffmpeg-git at ffmpeg.org ffmpeg-git at ffmpeg.org
Mon Aug 11 13:05:48 EEST 2025


The branch, master has been updated
       via  354226037646d44701f0f2a84749fb2ea303f043 (commit)
       via  9686fdd729a9caeeac0dc84dca2a65e4c9e5460b (commit)
      from  e29a99a975b722463c19d53f67e32f12f6dfe445 (commit)


- Log -----------------------------------------------------------------
commit 354226037646d44701f0f2a84749fb2ea303f043
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Fri Aug 8 23:19:03 2025 +0200
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Mon Aug 11 11:54:31 2025 +0200

    avcodec/scpr3: Clear clr
    
    clr is passed into decode_run_p(); it's not used when not set,
    but this possibly triggers msan (it doesn't locally)
    
    Fixes?: use of uninitialized memory
    Fixes?: 436997807/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SCPR_fuzzer-6253316466606080
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

diff --git a/libavcodec/scpr3.c b/libavcodec/scpr3.c
index e91c198308..369d2653c2 100644
--- a/libavcodec/scpr3.c
+++ b/libavcodec/scpr3.c
@@ -1167,7 +1167,7 @@ static int decompress_p3(AVCodecContext *avctx,
                 }
             } else {
                 int run, bx = x * 16 + sx1, by = y * 16 + sy1;
-                uint32_t clr, ptype = 0, r, g, b;
+                uint32_t clr = 0, ptype = 0, r, g, b;
 
                 if (bx >= avctx->width)
                     return AVERROR_INVALIDDATA;
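Review bot: the zero-initialisation in `uint32_t clr = 0, ptype = 0, r, g, b;` only addresses the MSan report if decode_run_p() really ignores clr on the paths where it is never assigned, as the message says; since that call site is outside this hunk and the message itself hedges with "Fixes?:", a one-line comment at the declaration stating that clr is only meaningful after the run-type path that sets it would make the intent clear to the next reader. Note also that r, g and b stay uninitialized in the same declaration, so it is worth confirming they are not passed along the same call path.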

commit 9686fdd729a9caeeac0dc84dca2a65e4c9e5460b
Author:     Michael Niedermayer <michael at niedermayer.cc>
AuthorDate: Fri Aug 8 15:03:56 2025 +0200
Commit:     Michael Niedermayer <michael at niedermayer.cc>
CommitDate: Mon Aug 11 11:54:31 2025 +0200

    avcodec/ilbcdec: Clear cbvec when used with create_augmented_vector()
    
    Fixes: use of uninitialized memory
    Fixes: 42538134/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ILBC_fuzzer-6322020827070464
    
    Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
    Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

diff --git a/libavcodec/ilbcdec.c b/libavcodec/ilbcdec.c
index a9dfa857a2..8b495a2f8e 100644
--- a/libavcodec/ilbcdec.c
+++ b/libavcodec/ilbcdec.c
@@ -675,6 +675,7 @@ static void get_codebook(int16_t * cbvec,   /* (o) Constructed codebook vector *
         /* get vector */
         memcpy(cbvec, mem + lMem - k, cbveclen * 2);
     } else if (index < base_size) {
+        memset(cbvec, 0, cbveclen * 2);
 
         /* Calculate lag */
 
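Review bot: the new `memset(cbvec, 0, cbveclen * 2);` hard-codes the element size as 2, mirroring the existing `memcpy(cbvec, mem + lMem - k, cbveclen * 2);` above it; `cbveclen * sizeof(*cbvec)` would express the int16_t width explicitly and keep both calls correct if the vector type ever changes. The first branch does not need a clear because its memcpy writes the full cbveclen * 2 bytes, so placing the memset only in the `index < base_size` branch is the right scope.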
@@ -701,6 +702,7 @@ static void get_codebook(int16_t * cbvec,   /* (o) Constructed codebook vector *
 
             filter_mafq12(&mem[memIndTest + 4], cbvec, kCbFiltersRev, CB_FILTERLEN, cbveclen);
         } else {
+            memset(cbvec, 0, cbveclen * 2);
             /* interpolated vectors */
             /* Stuff zeros outside memory buffer  */
             memIndTest = lMem - cbveclen - CB_FILTERLEN;
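Review bot: the inserted `memset(cbvec, 0, cbveclen * 2);` now sits between the `} else {` and the existing `/* interpolated vectors */` comment, so the comment no longer heads the block it describes; moving the memset below the two comment lines, or giving it its own comment saying which elements of cbvec the interpolation path leaves unwritten, would keep the existing comments attached to their code and document why this clear is needed in addition to the "Stuff zeros outside memory buffer" handling that follows.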

-----------------------------------------------------------------------

Summary of changes:
 libavcodec/ilbcdec.c | 2 ++
 libavcodec/scpr3.c   | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

