This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new af86f0ffcc avcodec/dca_xll: Clear padding in ff_dca_xll_parse()
af86f0ffcc is described below
commit af86f0ffcc0c7d1e7f36a3d9f602c196008d0e60
Author: Michael Niedermayer <[email protected]>
AuthorDate: Mon Jan 19 22:33:00 2026 +0100
Commit: Michael Niedermayer <[email protected]>
CommitDate: Thu Feb 5 18:12:46 2026 +0100
avcodec/dca_xll: Clear padding in ff_dca_xll_parse()
Fixes: Use of uninitialized memory
Fixes: 472020020/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_DCA_DEC_fuzzer-6433045331902464
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavcodec/dca_xll.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/libavcodec/dca_xll.c b/libavcodec/dca_xll.c
index 86e992bf1c..6eedad7eb8 100644
--- a/libavcodec/dca_xll.c
+++ b/libavcodec/dca_xll.c
@@ -1102,6 +1102,7 @@ static int copy_to_pbr(DCAXllDecoder *s, const uint8_t
*data, int size, int dela
return AVERROR(ENOMEM);
memcpy(s->pbr_buffer, data, size);
+ memset(s->pbr_buffer + size, 0, AV_INPUT_BUFFER_PADDING_SIZE);
s->pbr_length = size;
s->pbr_delay = delay;
return 0;
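Review bot: the new memset in copy_to_pbr() writes AV_INPUT_BUFFER_PADDING_SIZE bytes starting at `s->pbr_buffer + size`, and nothing in this hunk shows that the allocation guarded by `return AVERROR(ENOMEM);` reserves that much room beyond the largest accepted `size`. Please confirm the buffer is sized as maximum payload plus padding and say so in the commit message or in a short comment next to the memset, since otherwise this line trades an uninitialized read for an out-of-bounds write. Separately, the subject line names ff_dca_xll_parse() while the hunk headers show the change is in copy_to_pbr() and parse_frame_pbr(); a sentence saying these are the paths reached from ff_dca_xll_parse() would make the log easier to search.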
@@ -1156,6 +1157,7 @@ static int parse_frame_pbr(DCAXllDecoder *s, const
uint8_t *data, int size, DCAE
memcpy(s->pbr_buffer + s->pbr_length, data, size);
s->pbr_length += size;
+ memset(s->pbr_buffer + s->pbr_length, 0, AV_INPUT_BUFFER_PADDING_SIZE);
// Respect decoding delay after synchronization error
if (s->pbr_delay > 0 && --s->pbr_delay)
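Review bot: in parse_frame_pbr() the memset now writes up to `s->pbr_length + AV_INPUT_BUFFER_PADDING_SIZE` after the append, so the size check that precedes the memcpy (not visible in this hunk) has to bound `s->pbr_length + size` by the buffer capacity excluding the padding; please verify that it does. Placing the memset after `s->pbr_length += size;` is right, because it clears the padding at the new end of the data rather than the old one. The same clear is now duplicated here and in copy_to_pbr(); a small helper, or at least an identical one-line comment in both places explaining that the padding after the payload must stay zeroed, would keep the two sites from drifting apart.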