avformat/asf: clear uninitialized areas of packets before returning them

Fixes use of uninitialized variables
Fixes msan_uninit-mem_7f839282b6ce_7273_msn08_VBRq70_800x600.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

diff --git a/libavformat/asf.h b/libavformat/asf.h
index 904d348..acad64d 100644 (file)
--- a/libavformat/asf.h
+++ b/libavformat/asf.h
@@ -43,6 +43,7 @@ typedef struct ASFStream {
     int timestamp;
     int64_t duration;
     int skip_to_key;
+    int pkt_clean;
 
     int ds_span;                /* descrambling  */
     int ds_packet_size;

diff --git a/libavformat/asfdec.c b/libavformat/asfdec.c
index a9b0326..1f8b25c 100644 (file)
--- a/libavformat/asfdec.c
+++ b/libavformat/asfdec.c
@@ -1191,6 +1191,7 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt)
             asf_st->pkt.dts          = asf->packet_frag_timestamp - asf->hdr.preroll;
             asf_st->pkt.stream_index = asf->stream_index;
             asf_st->pkt.pos          = asf_st->packet_pos = asf->packet_pos;
+            asf_st->pkt_clean        = 0;
 
             if (asf_st->pkt.data && asf_st->palette_changed) {
                 uint8_t *pal;
@@ -1231,6 +1232,11 @@ static int asf_parse_packet(AVFormatContext *s, AVIOContext *pb, AVPacket *pkt)
             continue;
         }
 
+        if (asf->packet_frag_offset != asf_st->frag_offset && !asf_st->pkt_clean) {
+            memset(asf_st->pkt.data + asf_st->frag_offset, 0, asf_st->pkt.size - asf_st->frag_offset);
+            asf_st->pkt_clean = 1;
+        }
+
         ret = avio_read(pb, asf_st->pkt.data + asf->packet_frag_offset,
                         asf->packet_frag_size);
         if (ret != asf->packet_frag_size) {