avcodec/jpeg2000dec: clear pointer which become stale in get_ppt()

Fixes: use after free Fixes: 22484/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5671488765296640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Gautam Ramakrishnan <gautamramk@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

avcodec/jpeg2000dec: clear pointer which become stale in get_ppt()
Fixes: use after free Fixes: 22484/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5671488765296640 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpegReviewed-by: Gautam Ramakrishnan <gautamramk@gmail.com> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
4b224859 · Michael Niedermayer · 01fd93e2 · 4b224859
Commit 4b224859 authored May 31, 2020 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 0 deletions

jpeg2000dec.c libavcodec/jpeg2000dec.c +1 -0

No files found.
--- a/libavcodec/jpeg2000dec.c
+++ b/libavcodec/jpeg2000dec.c
@@ -928,6 +928,7 @@ static int get_ppt(Jpeg2000DecoderContext *s, int n)
        tile->packed_headers = new;
    } else
        return AVERROR(ENOMEM);
+    memset(&tile->packed_headers_stream, 0, sizeof(tile->packed_headers_stream));
    memcpy(tile->packed_headers + tile->packed_headers_size,
           s->g.buffer, n - 3);
    tile->packed_headers_size += n - 3;