flashsv: Initialize the block array

Otherwise flashsv2_prime could be fed random data. Bug-Id: 908 CC: libav-stable@libav.org Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
2024-12-23 12:43:46 +02:00 · 2015-11-01 04:07:48 +01:00 · 2015-11-01 04:07:48 +01:00 · 50d2a3b5f3
commit 50d2a3b5f3
parent de41b555cd
1 changed files with 4 additions and 2 deletions
--- a/libavcodec/flashsv.c
+++ b/libavcodec/flashsv.c
@ -339,12 +339,14 @@ static int flashsv_decode_frame(AVCodecContext *avctx, void *data,
    s->is_keyframe = (avpkt->flags & AV_PKT_FLAG_KEY) && (s->ver == 2);
    if (s->is_keyframe) {
        int err;
+        int nb_blocks = (v_blocks + !!v_part) *
+                        (h_blocks + !!h_part) * sizeof(s->blocks[0]);
        if ((err = av_reallocp(&s->keyframedata, avpkt->size)) < 0)
            return err;
        memcpy(s->keyframedata, avpkt->data, avpkt->size);
-        if ((err = av_reallocp(&s->blocks, (v_blocks + !!v_part) *
-                               (h_blocks + !!h_part) * sizeof(s->blocks[0]))) < 0)
+        if ((err = av_reallocp(&s->blocks, nb_blocks)) < 0)
            return err;
+        memset(s->blocks, 0, nb_blocks);
    }

    ff_dlog(avctx, "image: %dx%d block: %dx%d num: %dx%d part: %dx%d\n",