From a94f789c334ce35d7243f76b6bc982ba38289ec8 Mon Sep 17 00:00:00 2001 From: Kostya Shishkov Date: Mon, 14 May 2012 19:33:03 +0200 Subject: [PATCH] indeo3: initialise pixel planes on allocation This prevents decoder from reading garbage from it in case of errors later. (cherry picked from commit 81064a8045028838fd32d18490034c207c8ecc06) Fixes an invalid read on sample from CVE-2012-2804 Signed-off-by: Anton Khirnov --- libavcodec/indeo3.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavcodec/indeo3.c b/libavcodec/indeo3.c index 48e5810e69..2aa8d955ac 100644 --- a/libavcodec/indeo3.c +++ b/libavcodec/indeo3.c @@ -194,6 +194,8 @@ static av_cold int allocate_frame_buffers(Indeo3DecodeContext *ctx, /* set buffer pointers = buf_ptr + pitch and thus skip the INTRA prediction line */ ctx->planes[p].pixels[0] = ctx->planes[p].buffers[0] + ctx->planes[p].pitch; ctx->planes[p].pixels[1] = ctx->planes[p].buffers[1] + ctx->planes[p].pitch; + memset(ctx->planes[p].pixels[0], 0, ctx->planes[p].pitch * ctx->planes[p].height); + memset(ctx->planes[p].pixels[1], 0, ctx->planes[p].pitch * ctx->planes[p].height); } return 0;