PR #21367 opened by Timo Rothenpieler (BtbN) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21367 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21367.patch
Otherwise a specially crafted bitstream can potentially read uninitialized stack memory. Fixes #YWH-PGM40646-37 >From 36df0c5311558b5b79299a089b65aab167140a9c Mon Sep 17 00:00:00 2001 From: Timo Rothenpieler <[email protected]> Date: Sat, 3 Jan 2026 19:15:39 +0100 Subject: [PATCH 1/2] avcodec/notchlc: actually use HISTORY_SIZE to initialize history --- libavcodec/notchlc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/notchlc.c b/libavcodec/notchlc.c index d99de1810e..82c48d2054 100644 --- a/libavcodec/notchlc.c +++ b/libavcodec/notchlc.c @@ -79,7 +79,7 @@ static int lz4_decompress(AVCodecContext *avctx, PutByteContext *pb) { unsigned reference_pos, delta, pos = 0; - uint8_t history[64 * 1024]; + uint8_t history[HISTORY_SIZE]; int match_length; while (bytestream2_get_bytes_left(gb) > 0) { -- 2.49.1 >From 1829e4f171b5ac897ae2731f0a3a0ace4d5834dc Mon Sep 17 00:00:00 2001 From: Timo Rothenpieler <[email protected]> Date: Sat, 3 Jan 2026 19:55:56 +0100 Subject: [PATCH 2/2] avcodec/notchlc: zero-initialize history buffer Otherwise a specially crafted bitstream can potentially read uninitialized stack memory. Fixes #YWH-PGM40646-37 --- libavcodec/notchlc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/notchlc.c b/libavcodec/notchlc.c index 82c48d2054..c28fddcea0 100644 --- a/libavcodec/notchlc.c +++ b/libavcodec/notchlc.c @@ -79,7 +79,7 @@ static int lz4_decompress(AVCodecContext *avctx, PutByteContext *pb) { unsigned reference_pos, delta, pos = 0; - uint8_t history[HISTORY_SIZE]; + uint8_t history[HISTORY_SIZE] = { 0 }; int match_length; while (bytestream2_get_bytes_left(gb) > 0) { -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
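Review bot: In patch 1/2, at the `history` declaration in `lz4_decompress()`, the definition of `HISTORY_SIZE` is outside the hunk, so the diff alone does not show whether replacing `64 * 1024` is a pure rename or a change in the array size. Please state in the commit message that `HISTORY_SIZE` equals the old literal (or, if it does not, what the new stack footprint is), so the change can be reviewed as having no functional effect.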
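Review bot: In patch 2/2, the `= { 0 }` initializer on `history` makes reads of never-written history deterministic, but it does not reject the bitstream that asks for them, and it clears the whole buffer (64 * 1024 bytes before patch 1/2) on every call to `lz4_decompress()`. Since `pos`, `delta` and `reference_pos` are already tracked in this function, consider also failing with an error when a match refers to data further back than has been written so far, and add a short comment at the declaration explaining that the initializer is there to prevent uninitialized stack reads, so it is not dropped later as an optimization.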
