diff options
author | Michael Niedermayer | 2013-12-13 22:31:49 +0100 |
---|---|---|
committer | Michael Niedermayer | 2013-12-13 23:32:45 +0100 |
commit | f5cf0ea93a55f43b553aa7d6698936e48c6a94df (patch) | |
tree | 0a3783992fc12c29df7c563a1d5fa7fe2de1e3ef /libavformat | |
parent | 0f242e62b4b4f4da08b4e8e49aa1e4c2900a51f6 (diff) |
avformat/asf: clear uninitialized areas of packets before returning them
Fixes use of uninitialized variables
Fixes msan_uninit-mem_7f839282b6ce_7273_msn08_VBRq70_800x600.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavformat')
-rw-r--r-- | libavformat/asf.h | 1 | ||||
-rw-r--r-- | libavformat/asfdec.c | 6 |
2 files changed, 7 insertions, 0 deletions
diff --git a/libavformat/asf.h b/libavformat/asf.h index 904d3486e8..acad64dfd7 100644 --- a/libavformat/asf.h +++ b/libavformat/asf.h @@ -43,6 +43,7 @@ typedef struct ASFStream { int timestamp; int64_t duration; int skip_to_key; + int pkt_clean; int ds_span; /* descrambling */ int ds_packet_size; diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c index a9b032682d..1f8b25c910 100644 --- a/libavformat/asfdec.c +++ b/libavformat/asfdec.c @@ -1191,6 +1191,7 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt) asf_st->pkt.dts = asf->packet_frag_timestamp - asf->hdr.preroll; asf_st->pkt.stream_index = asf->stream_index; asf_st->pkt.pos = asf_st->packet_pos = asf->packet_pos; + asf_st->pkt_clean = 0; if (asf_st->pkt.data && asf_st->palette_changed) { uint8_t *pal; @@ -1231,6 +1232,11 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt) continue; } + if (asf->packet_frag_offset != asf_st->frag_offset && !asf_st->pkt_clean) { + memset(asf_st->pkt.data + asf_st->frag_offset, 0, asf_st->pkt.size - asf_st->frag_offset); + asf_st->pkt_clean = 1; + } + ret = avio_read(pb, asf_st->pkt.data + asf->packet_frag_offset, asf->packet_frag_size); if (ret != asf->packet_frag_size) { |