From f5cf0ea93a55f43b553aa7d6698936e48c6a94df Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Fri, 13 Dec 2013 22:31:49 +0100
Subject: avformat/asf: clear uninitialized areas of packets before returning them

Fixes use of uninitialized variables
Fixes msan_uninit-mem_7f839282b6ce_7273_msn08_VBRq70_800x600.wmv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavformat/asf.h | 1 +
 libavformat/asfdec.c | 6 ++++++
 2 files changed, 7 insertions(+)
(limited to 'libavformat')

diff --git a/libavformat/asf.h b/libavformat/asf.h
index 904d3486e8..acad64dfd7 100644
--- a/libavformat/asf.h
+++ b/libavformat/asf.h
@@ -43,6 +43,7 @@ typedef struct ASFStream {
 int timestamp;
 int64_t duration;
 int skip_to_key;
+ int pkt_clean;
 int ds_span; /* descrambling */
 int ds_packet_size;
diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index a9b032682d..1f8b25c910 100644
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -1191,6 +1191,7 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt)
 asf_st->pkt.dts = asf->packet_frag_timestamp - asf->hdr.preroll;
 asf_st->pkt.stream_index = asf->stream_index;
 asf_st->pkt.pos = asf_st->packet_pos = asf->packet_pos;
+ asf_st->pkt_clean = 0;
 if (asf_st->pkt.data && asf_st->palette_changed) {
 uint8_t *pal;
@@ -1231,6 +1232,11 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt)
 continue;
 }
+ if (asf->packet_frag_offset != asf_st->frag_offset && !asf_st->pkt_clean) {
+ memset(asf_st->pkt.data + asf_st->frag_offset, 0, asf_st->pkt.size - asf_st->frag_offset);
+ asf_st->pkt_clean = 1;
+ }
+
 ret = avio_read(pb, asf_st->pkt.data + asf->packet_frag_offset, asf->packet_frag_size);
 if (ret != asf->packet_frag_size) {
-- 
cgit v1.2.3
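Review bot: The new `pkt_clean` field in the asf.h hunk carries no comment, while the neighbouring `ds_span` does, and its meaning (a one-shot flag, not a byte count) is only recoverable by reading asfdec.c. I would document it at the declaration: `int pkt_clean; /* nonzero once the not-yet-written tail of pkt has been zeroed; reset per packet */`. The ASFStream struct continues outside the hunk.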
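Review bot: In the second asfdec.c hunk the memset length `asf_st->pkt.size - asf_st->frag_offset` is int arithmetic converted to size_t, so if `frag_offset` can ever exceed `pkt.size` the length wraps to a huge value and the memset runs off the end of the packet buffer; whether `frag_offset` is bounded by `pkt.size` at the point a fragment is accepted is not visible in this hunk, so this needs confirming. If it is not already guaranteed, the cheapest guard is to extend the condition: `if (asf->packet_frag_offset != asf_st->frag_offset && !asf_st->pkt_clean && asf_st->frag_offset < asf_st->pkt.size) {`. The block also deserves a why-comment, since the trigger (a fragment arriving somewhere other than the expected offset) is not obvious: `/* a fragment was lost or reordered: zero the unwritten tail once so the returned packet never carries uninitialized heap */`. asf_parse_packet starts and ends outside the hunk.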