This is an automated email from the git hooks/post-receive script.

Git pushed a commit to branch master
in repository ffmpeg.

The following commit(s) were added to refs/heads/master by this push:
     new 236dbc9f82 avcodec/xxan: zero-initialize y_buffer
236dbc9f82 is described below

commit 236dbc9f82b2d6b9946f63940eed67ca1489a803
Author:     Weidong Wang <[email protected]>
AuthorDate: Sat Mar 14 13:45:39 2026 -0500
Commit:     michaelni <[email protected]>
CommitDate: Mon Mar 16 10:24:33 2026 +0000

    avcodec/xxan: zero-initialize y_buffer
    
    Fixes ticket #22420.
    
    When the first decoded frame is type 1, xan_decode_frame_type1() reads y_buffer as prior-frame state before any data has been written to it.
    Since y_buffer is allocated with av_malloc(), this may propagate uninitialized heap data into the decoded luma output.
    
    Allocate y_buffer with av_mallocz() instead.
---
 libavcodec/xxan.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/xxan.c b/libavcodec/xxan.c
index cb6a97c668..60d2c40075 100644
--- a/libavcodec/xxan.c
+++ b/libavcodec/xxan.c
@@ -68,7 +68,7 @@ static av_cold int xan_decode_init(AVCodecContext *avctx)
     }
 
     s->buffer_size = avctx->width * avctx->height;
-    s->y_buffer = av_malloc(s->buffer_size);
+    s->y_buffer = av_mallocz(s->buffer_size);
     if (!s->y_buffer)
         return AVERROR(ENOMEM);
     s->scratch_buffer = av_malloc(s->buffer_size + 130);
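
Review bot: scratch_buffer, on the context line directly after the changed allocation, is still obtained with av_malloc(s->buffer_size + 130), so the same read-before-write question applies to it. Please confirm that every decode path writes scratch_buffer before reading it, or allocate it with av_mallocz() as well. A one-line comment above the y_buffer allocation noting that xan_decode_frame_type1() reads it as prior-frame state would also help keep a later cleanup from switching it back to av_malloc().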

_______________________________________________
ffmpeg-cvslog mailing list -- [email protected]