On 8/19/2020 4:59 PM, Thierry Foucu wrote:
> While reading the filename tag, it mays return a EOF and we are still
> copying the file with uninitialized value.
> ---
> libavformat/r3d.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavformat/r3d.c b/libavformat/r3d.c
> index 7aa0c5a2c3..7ba589530d 100644
> --- a/libavformat/r3d.c
> +++ b/libavformat/r3d.c
> @@ -54,7 +54,7 @@ static int r3d_read_red1(AVFormatContext *s)
> {
> AVStream *st = avformat_new_stream(s, NULL);
> R3DContext *r3d = s->priv_data;
> - char filename[258];
> + char filename[258] = {};
> int tmp;
> int av_unused tmp2;
> AVRational framerate;
It may be a better idea to check instead if avio_read() actually reads
the required 257 bytes, and abort otherwise.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
