This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch master in repository ffmpeg.
commit 189bc0aaf5b9fbd7b0e2fe0530db7d4a394cf810 Author: Michael Niedermayer <[email protected]> AuthorDate: Fri Jan 16 03:40:04 2026 +0100 Commit: Michael Niedermayer <[email protected]> CommitDate: Thu Feb 5 16:29:08 2026 +0100 avcodec/dxv: Clear tex_data padding on reallocation dxv assumes that newly reallocated memory in tex_data is not uninitialized thus we have to do that too in case of reallocation in ff_lzf_uncompress() Fixes: 475000819/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DXV_DEC_fuzzer-5571269310611456 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]>
---
 libavcodec/dxv.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavcodec/dxv.c b/libavcodec/dxv.c
index 07eee253e7..626dd75a33 100644
--- a/libavcodec/dxv.c
+++ b/libavcodec/dxv.c
@@ -828,7 +828,12 @@ static int dxv_decompress_dxt5(AVCodecContext *avctx)
 static int dxv_decompress_lzf(AVCodecContext *avctx)
 {
 DXVContext *ctx = avctx->priv_data;
- return ff_lzf_uncompress(&ctx->gbc, &ctx->tex_data, &ctx->tex_size, &ctx->tex_data_size);
+ unsigned old_size = ctx->tex_data_size;
+ int ret = ff_lzf_uncompress(&ctx->gbc, &ctx->tex_data, &ctx->tex_size, &ctx->tex_data_size);
+ old_size = FFMAX(old_size, ctx->tex_size);
+ if (ctx->tex_data_size > old_size)
+ memset(ctx->tex_data + old_size, 0, ctx->tex_data_size - old_size);
+ return ret;
 }
 
 static int dxv_decompress_raw(AVCodecContext *avctx)
_______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
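Review bot: The memset in dxv_decompress_lzf() runs on the error path as well, so it relies on ff_lzf_uncompress() never leaving ctx->tex_data NULL (or freed) with a non-zero ctx->tex_data_size; that contract lives outside this hunk. Clearing on failure looks intentional, since a buffer that grew before the error stays in the context for the next frame, so rather than gating on ret I would make the dependency explicit with `if (ctx->tex_data && ctx->tex_data_size > old_size)`. A short comment such as `/* zero the bytes the realloc added beyond tex_size; later reads assume they are initialized, including after a failed decompress */` would keep the invariant from being dropped in a later cleanup. Separately, `old_size = FFMAX(old_size, ctx->tex_size);` stores into an `unsigned`; if tex_size is declared wider than that (its declaration is not shown here), the narrowing deserves a look.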
