#7872 closed defect (fixed)
libavcodec/scpr.c:decompress_p Uninitialized variable access
Reported by: | fisher | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | avcodec |
Version: | git-master | Keywords: | scpr |
Cc: | Blocked By: | ||
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
in libavcodec/scpr.c,decompress_p function has a uninitialized variable |min|, decode_value() can fail without assigning a value to |min|.so in min += temp << 8; Uninitialized variable access happens.
static int decompress_p(AVCodecContext *avctx,
uint32_t *dst, int linesize,
uint32_t *prev, int plinesize)
{
SCPRContext *s = avctx->priv_data;
GetByteContext *gb = &s->gb;
int ret, temp = 0, min, max, x, y, cx = 0, cx1 = 0;
int backstep = linesize - avctx->width;
if (bytestream2_get_byte(gb) == 0)
return 1;
bytestream2_skip(gb, 1);
init_rangecoder(&s->rc, gb);
ret = decode_value(s, s->range_model, 256, 1, &min);
ret |= decode_value(s, s->range_model, 256, 1, &temp);
min += temp << 8;
Change History (7)
comment:1 by , 5 years ago
Keywords: | scpr added |
---|---|
Resolution: | → fixed |
Status: | new → closed |
Version: | unspecified → git-master |
comment:6 by , 5 years ago
hope ffmpeg will not attack by this kind of bug. By the way,are you security engineer of ffmpeg or a developer
comment:7 by , 5 years ago
If you want to report security issues: see http://ffmpeg.org/security.html
See ea80af659c609dca45eae7ec0fb1b4bfbbc620af