This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/4.4 in repository ffmpeg.
commit 518751994375d5a1cc014bc4cc7fb68bc3c912e1 Author: Michael Niedermayer <[email protected]> AuthorDate: Fri Jul 19 17:08:22 2024 +0200 Commit: Michael Niedermayer <[email protected]> CommitDate: Sun Jun 21 17:59:33 2026 +0200 avcodec/alsdec: Clear shift_value (the exact issue is unreproducable but the use of uninitialized data is reproducable) Should fix: signed integer overflow: -2147483648 - 127 cannot be represented in type 'int' Should fix: 69881/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ALS_fuzzer-4751301204836352 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> (cherry picked from commit 6194cb87cb81ef97adfa2690e489f473182eaffe) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/alsdec.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index a7733503cd..e29d8508e1 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -2116,8 +2116,8 @@ static av_cold int decode_init(AVCodecContext *avctx) if (sconf->floating) { ctx->acf = av_malloc_array(avctx->channels, sizeof(*ctx->acf)); - ctx->shift_value = av_malloc_array(avctx->channels, sizeof(*ctx->shift_value)); - ctx->last_shift_value = av_malloc_array(avctx->channels, sizeof(*ctx->last_shift_value)); + ctx->shift_value = av_calloc(avctx->channels, sizeof(*ctx->shift_value)); + ctx->last_shift_value = av_calloc(avctx->channels, sizeof(*ctx->last_shift_value)); ctx->last_acf_mantissa = av_malloc_array(avctx->channels, sizeof(*ctx->last_acf_mantissa)); ctx->raw_mantissa = av_mallocz_array(avctx->channels, sizeof(*ctx->raw_mantissa)); _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
