This is an automated email from the git hooks/post-receive script. Git pushed a commit to branch release/8.1 in repository ffmpeg.
commit 5f3122760fe1a910f4f75b8fc8ba2f05913ed3c1 Author: Weidong Wang <[email protected]> AuthorDate: Sat Mar 14 13:45:39 2026 -0500 Commit: Michael Niedermayer <[email protected]> CommitDate: Mon Mar 16 17:23:47 2026 +0100 avcodec/xxan: zero-initialize y_buffer Fixes ticket #22420. When the first decoded frame is type 1, xan_decode_frame_type1() reads y_buffer as prior-frame state before any data has been written to it. Since y_buffer is allocated with av_malloc(), this may propagate uninitialized heap data into the decoded luma output. Allocate y_buffer with av_mallocz() instead. (cherry picked from commit 236dbc9f82b2d6b9946f63940eed67ca1489a803) Signed-off-by: Michael Niedermayer <[email protected]> --- libavcodec/xxan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/xxan.c b/libavcodec/xxan.c index cb6a97c668..60d2c40075 100644 --- a/libavcodec/xxan.c +++ b/libavcodec/xxan.c @@ -68,7 +68,7 @@ static av_cold int xan_decode_init(AVCodecContext *avctx) } s->buffer_size = avctx->width * avctx->height; - s->y_buffer = av_malloc(s->buffer_size); + s->y_buffer = av_mallocz(s->buffer_size); if (!s->y_buffer) return AVERROR(ENOMEM); s->scratch_buffer = av_malloc(s->buffer_size + 130); _______________________________________________ ffmpeg-cvslog mailing list -- [email protected] To unsubscribe send an email to [email protected]
