From e40b23c52abe3356effa552549b2e989708a6e70 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Mon, 12 Aug 2024 15:23:56 +0200
Subject: [PATCH] tools/target_dec_fuzzer: Check that FFv1 doesnt leave uninitialized memory in its buffers
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
---
 tools/target_dec_fuzzer.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c
index 794b5b92cc..5fccf2ab8f 100644
--- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -129,7 +129,14 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame)
 frame->extended_data = frame->data;
 for (i = 0; i < 4 && size[i]; i++) {
- frame->buf[i] = av_buffer_allocz(size[i]);
+ switch(ctx->codec_id) {
+ case AV_CODEC_ID_FFV1:
+ frame->buf[i] = av_buffer_alloc(size[i]);
+ break;
+ default:
+ frame->buf[i] = av_buffer_allocz(size[i]);
+ }
+
 if (!frame->buf[i]) goto fail;
 frame->data[i] = frame->buf[i]->data;
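Review bot: The FFV1 branch of the new `switch` carries no comment, so a reader cannot tell why one codec is handed uninitialised plane buffers while every other codec still gets `av_buffer_allocz()`, nor that the asymmetry is a deliberate detector for heap contents leaking into decoded output rather than an allocation shortcut; add above the `case` something like `/* FFV1 must write every byte of every plane; leave the buffers uninitialised so MSan/Valgrind flag reads of bytes the decoder never touched, which would leak heap contents into the output frame. */`. It is also worth stating in that comment that the check only bites under MemorySanitizer or Valgrind — in a plain or ASan build the stale bytes returned by `av_buffer_alloc()` are silently accepted, and presumably any checksum the fuzzer takes over the frame becomes nondeterministic for a decoder that leaves gaps instead of failing loudly. Minor style point: the rest of the file and FFmpeg generally appear to write `switch (ctx->codec_id) {` with a space after the keyword. fuzz_video_get_buffer starts and ends outside the hunk.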