mjpeg: initialize input padding after unescaped buffer to zero

Fixes valgrind --undef-value-errors=yes warnings caused by valid
overreads in the fate vsynth jpegls, cover-art-ape and cover-art-wv
tests.

libavcodec/mjpegdec.c

@@ -1387,6 +1387,8 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s,
         }
         *unescaped_buf_ptr  = s->buffer;
         *unescaped_buf_size = dst - s->buffer;
+        memset(s->buffer + *unescaped_buf_size, 0,
+               FF_INPUT_BUFFER_PADDING_SIZE);
 
         av_log(s->avctx, AV_LOG_DEBUG, "escaping removed %td bytes\n",
                (buf_end - *buf_ptr) - (dst - s->buffer));
@@ -1428,6 +1430,8 @@ int ff_mjpeg_find_marker(MJpegDecodeContext *s,
 
         *unescaped_buf_ptr  = dst;
         *unescaped_buf_size = (bit_count + 7) >> 3;
+        memset(s->buffer + *unescaped_buf_size, 0,
+               FF_INPUT_BUFFER_PADDING_SIZE);
     } else {
         *unescaped_buf_ptr  = *buf_ptr;
         *unescaped_buf_size = buf_end - *buf_ptr;