PR #23267 opened by James Almer (jamrial) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23267 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23267.patch
Should fix buffer overflows as reported by clang-asan and use of uninitialized values as reported by valgrind.
>From 686ef7eb3d77d5c3b487881365e64f69f5eab07c Mon Sep 17 00:00:00 2001
From: James Almer <[email protected]>
Date: Thu, 28 May 2026 15:20:51 -0300
Subject: [PATCH 1/2] tests/checkasm/crc: retain offset values between calls
Should fix buffer overflows as reported by clang-asan and use of uninitialized values as reported by valgrind.
Signed-off-by: James Almer <[email protected]>
---
 tests/checkasm/crc.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/tests/checkasm/crc.c b/tests/checkasm/crc.c
index 60d9ef6018..32a1aae3ab 100644
--- a/tests/checkasm/crc.c
+++ b/tests/checkasm/crc.c
@@ -44,17 +44,19 @@ static void check_crc(const AVCRC *table_new, const char *name, unsigned idx)
 return;
 DECLARE_ALIGNED(4, uint8_t, buf)[8192];
- size_t offset = rnd() & 31;
+ static size_t offsets[AV_CRC_MAX + 1];
 static size_t sizes[AV_CRC_MAX + 1];
 static unsigned sizes_initialized = 0;
 uint32_t prev_crc = rnd();
 if (!(sizes_initialized & (1 << idx))) {
 sizes_initialized |= 1 << idx;
- sizes[idx] = rnd() % (sizeof(buf) - 1 - offset);
+ offsets[idx] = rnd() & 31;
+ sizes[idx] = rnd() % (sizeof(buf) - 1 - offsets[idx]);
 }
 size_t size = sizes[idx];
+ size_t offset = offsets[idx];
 for (size_t j = 0; j < sizeof(buf); j += 4) AV_WN32A(buf + j, rnd());
--
2.52.0
>From a371c1b37ca21519a255a61c3c71d6c3594bc8b0 Mon Sep 17 00:00:00 2001
From: James Almer <[email protected]>
Date: Thu, 28 May 2026 15:21:28 -0300
Subject: [PATCH 2/2] tests/checkasm/crc: use libavutil memory allocation helpers
Signed-off-by: James Almer <[email protected]>
---
 tests/checkasm/crc.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tests/checkasm/crc.c b/tests/checkasm/crc.c
index 32a1aae3ab..4202c7784c 100644
--- a/tests/checkasm/crc.c
+++ b/tests/checkasm/crc.c
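Review bot: In check_crc (PATCH 1/2), `idx` is used both as the index into `offsets[]`/`sizes[]` and as the shift count in `1 << idx`, and no range check on it is visible in the hunk. Since the overflow fixed here came from `offset` and `size` drifting apart, I would pin the remaining assumption with `av_assert0(idx <= AV_CRC_MAX);` before the `if`, and write the mask as `1U << idx` so it matches the `unsigned` type of `sizes_initialized`. A short comment such as `/* offset and size are drawn together per idx so offset + size stays below sizeof(buf) */` would record why both arrays are static. The function starts above the hunk, so a bound on `idx` may already exist there.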
@@ -87,15 +87,13 @@ void checkasm_check_crc(void)
 struct CustomTest *prev;
 AVCRC ctx[1024];
 } *ctx = NULL;
- struct CustomTest *new = malloc(sizeof(*new));
+ struct CustomTest *new = av_mallocz(sizeof(*new));
 static int le, bits;
 static uint32_t poly;
 if (!new) fail();
- memset(new, 0, sizeof(*new));
-
 if (!ctx) {
 le = rnd() & 1;
 bits = 8 + rnd() % 25; // av_crc_init() accepts between 8 and 32 bits
@@ -103,7 +101,7 @@ void checkasm_check_crc(void)
 }
 av_assert0(av_crc_init(new->ctx, le, bits, poly, sizeof(new->ctx)) >= 0);
 if (ctx && !memcmp(ctx->ctx, new->ctx, sizeof(new->ctx))) {
- free(new);
+ av_free(new);
 } else {
 new->prev = ctx;
 ctx = new;
--
2.52.0
_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
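Review bot: The allocation-failure path in checkasm_check_crc (PATCH 2/2) still falls through: after `if (!new) fail();` the code goes on to `av_crc_init(new->ctx, ...)`, which writes through a NULL `new` unless `fail()` does not return. As far as I know checkasm's `fail()` only records the failure, so I would make it `if (!new) { fail(); return; }`; confirm against checkasm.h. Separately, `av_mallocz` and `av_free` are declared in `libavutil/mem.h` and this patch adds no include; the file's include block is outside the hunks, so check it is already pulled in. The function body starts and ends outside both hunks.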
