github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-04-20 21:00:41 +08:00
Code Issues Packages Projects Releases Wiki Activity

avcodec/xxan: zero-initialize y_buffer

Browse Source 
Fixes ticket #22420.

When the first decoded frame is type 1, xan_decode_frame_type1() reads y_buffer as prior-frame state before any data has been written to it.
Since y_buffer is allocated with av_malloc(), this may propagate uninitialized heap data into the decoded luma output.

Allocate y_buffer with av_mallocz() instead.
This commit is contained in:
Weidong Wang
2026-03-14 13:45:39 -05:00
committed by michaelni
parent 6ba0b59d8b
commit 236dbc9f82
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/xxan.c
View File

@@ -68,7 +68,7 @@ static av_cold int xan_decode_init(AVCodecContext *avctx)
}
s->buffer_size = avctx->width * avctx->height;
s->y_buffer = av_malloc(s->buffer_size);
s->y_buffer = av_mallocz(s->buffer_size);
if (!s->y_buffer)
return AVERROR(ENOMEM);
s->scratch_buffer = av_malloc(s->buffer_size + 130);