From: Dirk Farin
Date: Tue, 24 Jan 2023 18:01:42 +0000 (+0100)
Subject: [PATCH] initialize newly created CABAC model table when (fixes #236)
X-Git-Tag: archive/raspbian/1.0.3-1+rpi1+deb10u3^2~2
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=91d73c508475cb0ff64750707a6d0f6066d0e7f6;p=libde265.git
[PATCH] initialize newly created CABAC model table when (fixes #236)
Gbp-Pq: Name CVE-2020-21596-global-buffer-overflow.patch
---
diff --git a/libde265/contextmodel.cc b/libde265/contextmodel.cc
index ec43228..7244471 100644
--- a/libde265/contextmodel.cc
+++ b/libde265/contextmodel.cc
@@ -181,6 +181,8 @@ void context_model_table::decouple_or_alloc_with_empty_data()
 if (D) printf("%p (alloc)\n",this);
 model = new context_model[CONTEXT_MODEL_TABLE_LENGTH];
+ // Without initializing the model, we got an invalid model state during decoding (issue #236)
+ memset(model, 0, sizeof(context_model) * CONTEXT_MODEL_TABLE_LENGTH);
 refcnt= new int;
 *refcnt=1;
 }
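Review bot: The added `memset` in decouple_or_alloc_with_empty_data() zeroes the new table as raw bytes, which is only well-defined while `context_model` stays trivially copyable, and nothing in the hunk enforces that. Value-initializing the allocation, `model = new context_model[CONTEXT_MODEL_TABLE_LENGTH]();`, would give the same zeroed table without the separate call; alternatively keep the memset and put `static_assert(std::is_trivially_copyable<context_model>::value, "context_model is zeroed with memset");` next to it. The new comment says what went wrong but not why zero is a safe value, so I would extend it to something like `// an all-zero entry is a valid model state; an indeterminate one can index outside the state tables (issue #236)`, which is inferred from the patch name and should be confirmed against the struct definition. Zeroing makes the state deterministic, but it does not show which decode path reads the table before it has been initialized for the slice, so a regression test built from the issue #236 input would be worth adding. The function starts above the hunk, so its earlier branches are not visible here.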