This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new e7cbfd1c50 avcodec/lcldec: zero the not-decoded tail to avoid heap
disclosure
e7cbfd1c50 is described below
commit e7cbfd1c507b57a806a5825b87d609963e862c8c
Author: Michael Niedermayer <[email protected]>
AuthorDate: Sun Jun 28 19:04:07 2026 +0200
Commit: michaelni <[email protected]>
CommitDate: Sun Jul 5 00:08:36 2026 +0000
avcodec/lcldec: zero the not-decoded tail to avoid heap disclosure
Fixes: use of uninitialized memory
Fixes: CsNDKB1K1U0C
Fixes: e2c3aa8e2b (avcodec/lcldec: More space for rgb24)
Found-by: Adrian Junge (vurlo)
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavcodec/lcldec.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c
index 29b1d85be3..5023243017 100644
--- a/libavcodec/lcldec.c
+++ b/libavcodec/lcldec.c
@@ -120,6 +120,9 @@ static unsigned int mszh_decomp(const unsigned char *
srcptr, int srclen, unsign
}
}
+ if (destptr < destptr_end)
+ memset(destptr, 0, destptr_end - destptr);
+
return destptr - destptr_bak;
}
@@ -153,8 +156,11 @@ static int zlib_decomp(AVCodecContext *avctx, const
uint8_t *src, int src_len, i
if (expected != (unsigned int)zstream->total_out) {
av_log(avctx, AV_LOG_ERROR, "Decoded size differs (%d != %lu)\n",
expected, zstream->total_out);
- if (expected > (unsigned int)zstream->total_out)
+ if (expected > (unsigned int)zstream->total_out) {
+ memset(c->decomp_buf + offset + zstream->total_out, 0,
+ c->decomp_size - offset - zstream->total_out);
return (unsigned int)zstream->total_out;
+ }
return AVERROR_UNKNOWN;
}
return zstream->total_out;
_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]
To unsubscribe send an email to [email protected]