#7866 closed defect (fixed)
libavcodec/scpr3.c:decompress_p3() use of uninitialized variable
| Reported by: | fisher | Owned by: | |
|---|---|---|---|
| Priority: | normal | Component: | avcodec |
| Version: | git-master | Keywords: | scpr |
| Cc: | | Blocked By: | |
| Blocking: | | Reproduced by developer: | no |
| Analyzed by developer: | no | | |
Description
In the

```c
static int decompress_p3(AVCodecContext *avctx,
                         uint32_t *dst, int linesize,
                         uint32_t *prev, int plinesize)
```

function, in

```c
int ret, temp, min, max, x, y, cx = 0, cx1 = 0;
```

`temp` is not initialized, and in

```c
ret |= decode_value3(s, 255, &s->range_model3.cntsum,
                     s->range_model3.freqs[0],
                     s->range_model3.freqs[1],
                     s->range_model3.cnts,
                     s->range_model3.dectab, &temp);
```

the `decode_value3()` function may fail and return without assigning a value to `temp`, so `temp` is still an uninitialized variable.
And in `min += temp << 8;`, `temp` will be used.
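The pattern in this report, reduced to a stand-alone C sketch (an added example, not FFmpeg code). `Reader`, `read_byte()`, `POISON` and the sample input are hypothetical and constructed for illustration; the sketch assumes the caller consumes `temp` before acting on the return code, and pre-fills it with a marker so the effect can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define POISON 0xA5A5u /* constructed marker standing in for stack garbage */

typedef struct { const uint8_t *buf; size_t size, pos; } Reader;

/* Hypothetical decoder step: on failure it returns early, *value untouched. */
static int read_byte(Reader *r, uint32_t *value)
{
    if (r->pos >= r->size)
        return -1;
    *value = r->buf[r->pos++];
    return 0;
}

/* Reported shape: temp is consumed although the call that should fill it may
 * have failed. POISON replaces "uninitialized" so the result is observable. */
static int u16_unchecked(const uint8_t *buf, size_t size, uint32_t *out)
{
    Reader r = { buf, size, 0 };
    uint32_t min = POISON, temp = POISON;
    int ret = read_byte(&r, &min);
    ret |= read_byte(&r, &temp);
    *out = min + (temp << 8);      /* uses temp regardless of ret */
    return ret;
}

/* Hardened shape: defined initial values, each call checked before use. */
static int u16_checked(const uint8_t *buf, size_t size, uint32_t *out)
{
    Reader r = { buf, size, 0 };
    uint32_t min = 0, temp = 0;
    int ret;
    if ((ret = read_byte(&r, &min)) < 0 || (ret = read_byte(&r, &temp)) < 0)
        return ret;                /* *out stays untouched on error */
    *out = min + (temp << 8);
    return 0;
}

static const uint8_t TRUNC[] = { 0x34 }; /* constructed input, one byte short */

int main(void)
{
    uint32_t a = 0, b = 0;
    int ra = u16_unchecked(TRUNC, sizeof TRUNC, &a);
    int rb = u16_checked(TRUNC, sizeof TRUNC, &b);
    printf("unchecked: ret=%d value=0x%x\n", ra, (unsigned)a);
    printf("checked:   ret=%d value=0x%x\n", rb, (unsigned)b);
    return 0;
}
```

On the truncated input the unchecked variant reports an error but has already produced a value derived from the marker, while the checked variant leaves the caller's value untouched.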
Change History (8)
comment:1 by , 5 years ago
| Analyzed by developer: | set |
|---|---|
| Status: | new → open |
| Version: | unspecified → git-master |
comment:2 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | open → closed |
comment:4 by , 5 years ago
> Hi, will this case be assigned a CVE?

I don't manage that, so I don't know the requirements, but I suppose it won't because this code was not in any release.

> or will I receive an acknowledgement

I'm not sure what you mean with this, but the commit that fixed the bug points to this bug report.
comment:5 by , 5 years ago
In my experience, when I find a bug in a product, I report the bug to the developer. When they fix the bug, a CVE will be assigned to this bug, and the bug finder will receive an acknowledgement.
comment:6 by , 5 years ago
As I said, I don't know how CVE works, and I don't handle that stuff. But I don't think they will assign one for a bug that was not part of any release.
comment:8 by , 5 years ago
| Analyzed by developer: | unset |
|---|---|
| Keywords: | scpr added |
Should be fixed in 938cb783d40ad5ee40f4e2be8617fdfb493dbe4d