diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2013-12-19 04:38:16 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2013-12-19 05:07:22 +0100 |
| commit | f5d039840aca64d0ce79cd08e64423833becf570 (patch) | |
| tree | 9d1b134bb12370e908460a7eadf65991933c87d5 | |
| parent | e72f5abbc62d1ce1dc9cd689c1d8a49ead757c5a (diff) | |
| download | ffmpeg-f5d039840aca64d0ce79cd08e64423833becf570.tar.gz | |
avformat/swfdec: clear 4 bytes at the end of a packet if they are not initialized
Fixes use of uninitialized memory
Fixes part of msan_uninit-mem_7f055dd0ab1b_9558_videopop_guitar_300k.swf
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
| -rw-r--r-- | libavformat/swfdec.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/libavformat/swfdec.c b/libavformat/swfdec.c index c36c024168..c95b18ec6c 100644 --- a/libavformat/swfdec.c +++ b/libavformat/swfdec.c @@ -455,6 +455,7 @@ bitmap_end_skip: /* old SWF files containing SOI/EOI as data start */ /* files created by swink have reversed tag */ pkt->size -= 4; + memset(pkt->data+pkt->size, 0, 4); res = avio_read(pb, pkt->data, pkt->size); } else { res = avio_read(pb, pkt->data + 4, pkt->size - 4); |