diff options
| author | Sebastian Dröge <sebastian@centricular.com> | 2016-12-06 07:48:47 +0200 |
|---|---|---|
| committer | Sebastian Dröge <sebastian@centricular.com> | 2016-12-07 11:18:49 +0200 |
| commit | abc6d6ce6cf596ec1fbe1d2e5329f12a5af814af (patch) | |
| tree | 2f38de8fa9a0ee182dc3ce5231b9fdc1811591ea | |
| parent | 51c52ffba659fc17a8b6a0a04a8e565c875bb686 (diff) | |
| download | gstreamer-plugins-good-abc6d6ce6cf596ec1fbe1d2e5329f12a5af814af.tar.gz | |
flxdec: Allocate 0-initialized memory for the decoded frame
Otherwise we might leak arbitrary information from the uninitialized
memory if not every pixel is written.
https://scarybeastsecurity.blogspot.gr/2016/12/1days-0days-pocs-more-gstreamer-flic.html
| -rw-r--r-- | gst/flx/gstflxdec.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gst/flx/gstflxdec.c b/gst/flx/gstflxdec.c index aa1bed502..193225907 100644 --- a/gst/flx/gstflxdec.c +++ b/gst/flx/gstflxdec.c @@ -812,8 +812,8 @@ gst_flxdec_chain (GstPad * pad, GstObject * parent, GstBuffer * buf) } /* create delta and output frame */ - flxdec->frame_data = g_malloc (flxdec->size); - flxdec->delta_data = g_malloc (flxdec->size); + flxdec->frame_data = g_malloc0 (flxdec->size); + flxdec->delta_data = g_malloc0 (flxdec->size); flxdec->state = GST_FLXDEC_PLAYING; } |