avcodec/get_buffer: Use av_buffer_mallocz() for audio same as its done for video

Fixes: Use of uninintialized value Fixes: 70993/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_LATM_fuzzer-6378949754552320 Fixes: 71104/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_AAC_FIXED_fuzzer-5001538727116800 For the AAC/USAC/SBR code which reads uninitialized memory, it would be good, if it did not a fix for that is welcome! Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
2025-01-24 13:56:33 +02:00 · 2024-08-16 17:30:45 +02:00 · 2024-08-16 17:30:45 +02:00 · b9b4c9ebf0
commit b9b4c9ebf0
parent 3f0b95bb17
1 changed files with 4 additions and 1 deletions
--- a/libavcodec/get_buffer.c
+++ b/libavcodec/get_buffer.c
@ -142,7 +142,10 @@ static int update_frame_pool(AVCodecContext *avctx, AVFrame *frame)
        if (ret < 0)
            goto fail;

-        pool->pools[0] = av_buffer_pool_init(pool->linesize[0], NULL);
+        pool->pools[0] = av_buffer_pool_init(pool->linesize[0],
+                                             CONFIG_MEMORY_POISONING ?
+                                                NULL :
+                                                av_buffer_allocz);
        if (!pool->pools[0]) {
            ret = AVERROR(ENOMEM);
            goto fail;