avcodec/xxan: zero-initialize y_buffer
Fixes ticket #22420.
When the first decoded frame is type 1, xan_decode_frame_type1() reads y_buffer as prior-frame state before any data has been written to it.
Since y_buffer is allocated with av_malloc(), this may propagate uninitialized heap data into the decoded luma output.
Allocate y_buffer with av_mallocz() instead.
(cherry picked from commit 236dbc9f82)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Weidong Wang
committed by
Michael Niedermayer
Michael Niedermayer
parent
cb92c58c41
commit
37b2c7b6f8
+1
-1
@@ -67,7 +67,7 @@ static av_cold int xan_decode_init(AVCodecContext *avctx)
|
||||
}
|
||||
|
||||
s->buffer_size = avctx->width * avctx->height;
|
||||
s->y_buffer = av_malloc(s->buffer_size);
|
||||
s->y_buffer = av_mallocz(s->buffer_size);
|
||||
if (!s->y_buffer)
|
||||
return AVERROR(ENOMEM);
|
||||
s->scratch_buffer = av_malloc(s->buffer_size + 130);
|
||||
|
||||
Reference in New Issue
Block a user