PR #22375 opened by michaelni URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22375 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22375.patch
Fixes: read of uninitialized memory Fixes: 488256339/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-6347338118660096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> >From 74cf82812247c6bf2ed5738eef3ba9ecea032a41 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer <[email protected]> Date: Wed, 4 Mar 2026 01:26:02 +0100 Subject: [PATCH] avformat/mlvdec: avoid uninitialzed read in read_string() Fixes: read of uninitialized memory Fixes: 488256339/clusterfuzz-testcase-minimized-ffmpeg_dem_MLV_fuzzer-6347338118660096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <[email protected]> --- libavformat/mlvdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/mlvdec.c b/libavformat/mlvdec.c index 3a5d211085..fa35bc9c45 100644 --- a/libavformat/mlvdec.c +++ b/libavformat/mlvdec.c @@ -97,7 +97,7 @@ static void read_string(AVFormatContext *avctx, AVIOContext *pb, const char *tag } ret = avio_read(pb, value, size); - if (ret != size || !value[0]) { + if (ret != size || !size || !value[0]) { av_free(value); return; } -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
