CVE-2023-5217 Mitigates memory vulnerabilities through explicit usage of bzero() in lieu of memset(..., 0, ...)

examples/set_maps.c

@@ -64,7 +64,7 @@ static void set_roi_map(const vpx_codec_enc_cfg_t *cfg,
                         vpx_codec_ctx_t *codec) {
   unsigned int i;
   vpx_roi_map_t roi;
-  memset(&roi, 0, sizeof(roi));
+  bzero(&roi, sizeof(roi));
 
   roi.rows = (cfg->g_h + 15) / 16;
   roi.cols = (cfg->g_w + 15) / 16;
@@ -166,7 +166,7 @@ int main(int argc, char **argv) {
   exec_name = argv[0];
   if (argc != 6) die("Invalid number of arguments");
 
-  memset(&info, 0, sizeof(info));
+  bzero(&info, sizeof(info));
 
   encoder = get_vpx_encoder_by_name(argv[1]);
   if (encoder == NULL) {

examples/svc_encodeframe.c

@@ -84,7 +84,7 @@ static SvcInternal_t *get_svc_internal(SvcContext *svc_ctx) {
   if (svc_ctx->internal == NULL) {
     SvcInternal_t *const si = (SvcInternal_t *)malloc(sizeof(*si));
     if (si != NULL) {
-      memset(si, 0, sizeof(*si));
+      bzero(si, sizeof(*si));
     }
     svc_ctx->internal = si;
   }

examples/vp8_multi_resolution_encoder.c

@@ -386,7 +386,7 @@ int main(int argc, char **argv) {
   /* Open file to write out each spatially downsampled input stream. */
   for (i = 0; i < NUM_ENCODERS - 1; i++) {
     // Highest resoln is encoder 0.
-    if (sprintf(filename, "ds%d.yuv", NUM_ENCODERS - i) < 0) {
+    if (snprintf(filename, sizeof(int), "ds%d.yuv", NUM_ENCODERS - i) < 0) {
       return EXIT_FAILURE;
     }
     downsampled_input[i] = fopen(filename, "wb");

examples/vp9_spatial_svc_encoder.c

@@ -900,11 +900,11 @@ int main(int argc, const char **argv) {
   int mismatch_seen = 0;
   vpx_codec_ctx_t decoder;
 #endif
-  memset(&svc_ctx, 0, sizeof(svc_ctx));
-  memset(&app_input, 0, sizeof(AppInput));
-  memset(&info, 0, sizeof(VpxVideoInfo));
-  memset(&layer_id, 0, sizeof(vpx_svc_layer_id_t));
-  memset(&rc, 0, sizeof(struct RateControlStats));
+  bzero(&svc_ctx, sizeof(svc_ctx));
+  bzero(&app_input, sizeof(AppInput));
+  bzero(&info, sizeof(VpxVideoInfo));
+  bzero(&layer_id, sizeof(vpx_svc_layer_id_t));
+  bzero(&rc, sizeof(struct RateControlStats));
   exec_name = argv[0];
 
   /* Setup default input stream settings */

examples/vpx_temporal_svc_encoder.c

@@ -30,7 +30,7 @@
 
 #define ROI_MAP 0
 
-#define zero(Dest) memset(&(Dest), 0, sizeof(Dest))
+#define zero(Dest) bzero(&(Dest), sizeof(Dest))
 
 static const char *exec_name;
 
@@ -671,8 +671,8 @@ int main(int argc, char **argv) {
   int *prev_mask_map;
 #endif
   zero(rc.layer_target_bitrate);
-  memset(&layer_id, 0, sizeof(vpx_svc_layer_id_t));
-  memset(&input_ctx, 0, sizeof(input_ctx));
+  bzero(&layer_id, sizeof(vpx_svc_layer_id_t));
+  bzero(&input_ctx, sizeof(input_ctx));
   /* Setup default input stream settings */
   input_ctx.framerate.numerator = 30;
   input_ctx.framerate.denominator = 1;
@@ -898,7 +898,7 @@ int main(int argc, char **argv) {
 #endif
   } else if (strncmp(encoder->name, "vp9", 3) == 0) {
     vpx_svc_extra_cfg_t svc_params;
-    memset(&svc_params, 0, sizeof(svc_params));
+    bzero(&svc_params, sizeof(svc_params));
     vpx_codec_control(&codec, VP9E_SET_POSTENCODE_DROP, 0);
     vpx_codec_control(&codec, VP9E_SET_DISABLE_OVERSHOOT_MAXQ_CBR, 0);
     vpx_codec_control(&codec, VP8E_SET_CPUUSED, speed);

md5_utils.c

@@ -112,14 +112,14 @@ void MD5Final(md5byte digest[16], struct MD5Context *ctx) {
   count = 56 - 1 - count;
 
   if (count < 0) { /* Padding forces an extra block */
-    memset(p, 0, count + 8);
+    bzero(p, count + 8);
     byteSwap(ctx->in, 16);
     MD5Transform(ctx->buf, ctx->in);
     p = (md5byte *)ctx->in;
     count = 56;
   }
 
-  memset(p, 0, count);
+  bzero(p, count);
   byteSwap(ctx->in, 14);
 
   /* Append length in bits and transform */
@@ -129,7 +129,7 @@ void MD5Final(md5byte digest[16], struct MD5Context *ctx) {
 
   byteSwap(ctx->buf, 4);
   memcpy(digest, ctx->buf, 16);
-  memset(ctx, 0, sizeof(*ctx)); /* In case it's sensitive */
+  bzero(ctx, sizeof(*ctx)); /* In case it's sensitive */
 }
 
 #ifndef ASM_MD5

test/add_noise_test.cc

@@ -83,7 +83,7 @@ TEST_P(AddNoiseTest, CheckNoiseAdded) {
   }
 
   // Initialize pixels in the image to 0 and check for roll under.
-  memset(s, 0, image_size);
+  bzero(s, image_size);
 
   ASM_REGISTER_STATE_CHECK(
       GET_PARAM(1)(s, noise, clamp, clamp, width, height, width));

test/consistency_test.cc

@@ -51,7 +51,7 @@ class ConsistencyTestBase : public ::testing::Test {
     ssim_array_ = new Ssimv[kDataBufferSize / 16];
   }
 
-  static void ClearSsim() { memset(ssim_array_, 0, kDataBufferSize / 16); }
+  static void ClearSsim() { bzero(ssim_array_, kDataBufferSize / 16); }
   static void TearDownTestSuite() {
     vpx_free(source_data_[0]);
     source_data_[0] = nullptr;

test/dct16x16_test.cc

@@ -459,11 +459,11 @@ class Trans16x16TestBase {
       fwd_txfm_ref(input_extreme_block, output_ref_block, pitch_, tx_type_);
 
       // clear reconstructed pixel buffers
-      memset(dst, 0, kNumCoeffs * sizeof(uint8_t));
-      memset(ref, 0, kNumCoeffs * sizeof(uint8_t));
+      bzero(dst, kNumCoeffs * sizeof(uint8_t));
+      bzero(ref, kNumCoeffs * sizeof(uint8_t));
 #if CONFIG_VP9_HIGHBITDEPTH
-      memset(dst16, 0, kNumCoeffs * sizeof(uint16_t));
-      memset(ref16, 0, kNumCoeffs * sizeof(uint16_t));
+      bzero(dst16, kNumCoeffs * sizeof(uint16_t));
+      bzero(ref16, kNumCoeffs * sizeof(uint16_t));
 #endif
 
       // quantization with maximum allowed step sizes

test/decode_test_driver.h

@@ -40,12 +40,12 @@ class Decoder {
  public:
   explicit Decoder(vpx_codec_dec_cfg_t cfg)
       : cfg_(cfg), flags_(0), init_done_(false) {
-    memset(&decoder_, 0, sizeof(decoder_));
+    bzero(&decoder_, sizeof(decoder_));
   }
 
   Decoder(vpx_codec_dec_cfg_t cfg, const vpx_codec_flags_t flag)
       : cfg_(cfg), flags_(flag), init_done_(false) {
-    memset(&decoder_, 0, sizeof(decoder_));
+    bzero(&decoder_, sizeof(decoder_));
   }
 
   virtual ~Decoder() { vpx_codec_destroy(&decoder_); }

test/encode_api_test.cc

@@ -141,7 +141,7 @@ TEST(EncodeAPI, MultiResEncode) {
     vpx_codec_enc_cfg_t cfg[2];
     vpx_rational_t dsf[2] = { { 2, 1 }, { 2, 1 } };
 
-    memset(enc, 0, sizeof(enc));
+    bzero(enc, sizeof(enc));
 
     for (int i = 0; i < 2; i++) {
       vpx_codec_enc_config_default(iface, &cfg[i], 0);

test/encode_test_driver.h

@@ -89,7 +89,7 @@ class Encoder {
   Encoder(vpx_codec_enc_cfg_t cfg, unsigned long deadline,
           const unsigned long init_flags, TwopassStatsStore *stats)
       : cfg_(cfg), deadline_(deadline), init_flags_(init_flags), stats_(stats) {
-    memset(&encoder_, 0, sizeof(encoder_));
+    bzero(&encoder_, sizeof(encoder_));
   }
 
   virtual ~Encoder() { vpx_codec_destroy(&encoder_); }

test/external_frame_buffer_test.cc

@@ -52,7 +52,7 @@ class ExternalFrameBufferList {
     num_buffers_ = num_buffers;
     ext_fb_list_ = new ExternalFrameBuffer[num_buffers_];
     EXPECT_NE(ext_fb_list_, nullptr);
-    memset(ext_fb_list_, 0, sizeof(ext_fb_list_[0]) * num_buffers_);
+    bzero(ext_fb_list_, sizeof(ext_fb_list_[0]) * num_buffers_);
     return true;
   }
 
@@ -68,7 +68,7 @@ class ExternalFrameBufferList {
     if (ext_fb_list_[idx].size < min_size) {
       delete[] ext_fb_list_[idx].data;
       ext_fb_list_[idx].data = new uint8_t[min_size];
-      memset(ext_fb_list_[idx].data, 0, min_size);
+      bzero(ext_fb_list_[idx].data, min_size);
       ext_fb_list_[idx].size = min_size;
     }
 

test/fdct8x8_test.cc

@@ -156,7 +156,7 @@ class FwdTrans8x8TestBase {
     int count_sign_block[64][2];
     const int count_test_block = 100000;
 
-    memset(count_sign_block, 0, sizeof(count_sign_block));
+    bzero(count_sign_block, sizeof(count_sign_block));
 
     for (int i = 0; i < count_test_block; ++i) {
       // Initialize a test block with input range [-255, 255].
@@ -187,7 +187,7 @@ class FwdTrans8x8TestBase {
           << " count1: " << count_sign_block[j][1] << " diff: " << diff;
     }
 
-    memset(count_sign_block, 0, sizeof(count_sign_block));
+    bzero(count_sign_block, sizeof(count_sign_block));
 
     for (int i = 0; i < count_test_block; ++i) {
       // Initialize a test block with input range [-mask_ / 16, mask_ / 16].

test/hadamard_test.cc

@@ -159,11 +159,11 @@ class HadamardTestBase : public ::testing::TestWithParam<HadamardFuncWithSize> {
     const int kMaxBlockSize = 32 * 32;
     DECLARE_ALIGNED(16, int16_t, a[kMaxBlockSize]);
     DECLARE_ALIGNED(16, tran_low_t, b[kMaxBlockSize]);
-    memset(a, 0, sizeof(a));
-    memset(b, 0, sizeof(b));
+    bzero(a, sizeof(a));
+    bzero(b, sizeof(b));
 
     tran_low_t b_ref[kMaxBlockSize];
-    memset(b_ref, 0, sizeof(b_ref));
+    bzero(b_ref, sizeof(b_ref));
 
     for (int i = 0; i < block_size_; ++i) a[i] = Rand();
 
@@ -180,10 +180,10 @@ class HadamardTestBase : public ::testing::TestWithParam<HadamardFuncWithSize> {
     const int kMaxBlockSize = 32 * 32;
     DECLARE_ALIGNED(16, int16_t, input_extreme_block[kMaxBlockSize]);
     DECLARE_ALIGNED(16, tran_low_t, b[kMaxBlockSize]);
-    memset(b, 0, sizeof(b));
+    bzero(b, sizeof(b));
 
     tran_low_t b_ref[kMaxBlockSize];
-    memset(b_ref, 0, sizeof(b_ref));
+    bzero(b_ref, sizeof(b_ref));
 
     for (int i = 0; i < 2; ++i) {
       // Initialize a test block with input range [-mask_, mask_].
@@ -205,13 +205,13 @@ class HadamardTestBase : public ::testing::TestWithParam<HadamardFuncWithSize> {
     const int kMaxBlockSize = 32 * 32;
     DECLARE_ALIGNED(16, int16_t, a[kMaxBlockSize * 8]);
     DECLARE_ALIGNED(16, tran_low_t, b[kMaxBlockSize]);
-    memset(a, 0, sizeof(a));
+    bzero(a, sizeof(a));
     for (int i = 0; i < block_size_ * 8; ++i) a[i] = Rand();
 
     tran_low_t b_ref[kMaxBlockSize];
     for (int i = 8; i < 64; i += 8) {
-      memset(b, 0, sizeof(b));
-      memset(b_ref, 0, sizeof(b_ref));
+      bzero(b, sizeof(b));
+      bzero(b_ref, sizeof(b_ref));
 
       ReferenceHadamard(a, i, b_ref, bwh_);
       ASM_REGISTER_STATE_CHECK(h_func_(a, i, b));
@@ -228,7 +228,7 @@ class HadamardTestBase : public ::testing::TestWithParam<HadamardFuncWithSize> {
     DECLARE_ALIGNED(16, int16_t, input[kMaxBlockSize]);
     DECLARE_ALIGNED(16, tran_low_t, output[kMaxBlockSize]);
     memset(input, 1, sizeof(input));
-    memset(output, 0, sizeof(output));
+    bzero(output, sizeof(output));
 
     vpx_usec_timer timer;
     vpx_usec_timer_start(&timer);

test/minmax_test.cc

@@ -58,7 +58,7 @@ void reference_minmax(const uint8_t *a, int a_stride, const uint8_t *b,
 TEST_P(MinMaxTest, MinValue) {
   for (int i = 0; i < 64; i++) {
     uint8_t a[64], b[64];
-    memset(a, 0, sizeof(a));
+    bzero(a, sizeof(a));
     memset(b, 255, sizeof(b));
     b[i] = i;  // Set a minimum difference of i.
 
@@ -72,8 +72,8 @@ TEST_P(MinMaxTest, MinValue) {
 TEST_P(MinMaxTest, MaxValue) {
   for (int i = 0; i < 64; i++) {
     uint8_t a[64], b[64];
-    memset(a, 0, sizeof(a));
-    memset(b, 0, sizeof(b));
+    bzero(a, sizeof(a));
+    bzero(b, sizeof(b));
     b[i] = i;  // Set a maximum difference of i.
 
     int min, max;

test/partial_idct_test.cc

@@ -111,7 +111,7 @@ class PartialIDctTest : public ::testing::TestWithParam<PartialInvTxfmParam> {
   }
 
   void InitMem() {
-    memset(input_block_, 0, sizeof(*input_block_) * input_block_size_);
+    bzero(input_block_, sizeof(*input_block_) * input_block_size_);
     if (pixel_size_ == 1) {
       for (int j = 0; j < output_block_size_; ++j) {
         output_block_[j] = output_block_ref_[j] = rnd_.Rand16() & mask_;
@@ -276,13 +276,13 @@ TEST_P(PartialIDctTest, SingleExtremeCoeff) {
   const int16_t max_coeff = std::numeric_limits<int16_t>::max();
   const int16_t min_coeff = std::numeric_limits<int16_t>::min();
   for (int i = 0; i < last_nonzero_; ++i) {
-    memset(input_block_, 0, sizeof(*input_block_) * input_block_size_);
+    bzero(input_block_, sizeof(*input_block_) * input_block_size_);
     // Run once for min and once for max.
     for (int j = 0; j < 2; ++j) {
       const int coeff = j ? min_coeff : max_coeff;
 
-      memset(output_block_, 0, pixel_size_ * output_block_size_);
-      memset(output_block_ref_, 0, pixel_size_ * output_block_size_);
+      bzero(output_block_, pixel_size_ * output_block_size_);
+      bzero(output_block_ref_, pixel_size_ * output_block_size_);
       input_block_[vp9_default_scan_orders[tx_size_].scan[i]] = coeff;
 
       ASM_REGISTER_STATE_CHECK(

test/pp_filter_test.cc

@@ -161,7 +161,7 @@ TEST_P(VpxPostProcDownAndAcrossMbRowTest, CheckCvsAssembly) {
   src_image.Set(&rnd, &ACMRandom::Rand8);
 
   for (int blocks = 0; blocks < block_width_; blocks += 8) {
-    (void)memset(flimits_, 0, sizeof(*flimits_) * flimits_width);
+    (void)bzero(flimits_, sizeof(*flimits_) * flimits_width);
 
     for (int f = 0; f < 255; f++) {
       (void)memset(flimits_ + blocks, f, sizeof(*flimits_) * 8);

test/predict_test.cc

@@ -59,9 +59,9 @@ class PredictTestBase : public AbstractBench,
     dst_c_ = new uint8_t[16 * 16];
     ASSERT_NE(dst_c_, nullptr);
 
-    memset(src_, 0, kSrcSize);
+    bzero(src_, kSrcSize);
     memset(padded_dst_, 128, padded_dst_size_);
-    memset(dst_c_, 0, 16 * 16);
+    bzero(dst_c_, 16 * 16);
   }
 
   void TearDown() override {

test/quantize_test.cc

@@ -58,7 +58,7 @@ class QuantizeTestBase {
 
     // The full configuration is necessary to generate the quantization tables.
     VP8_CONFIG vp8_config;
-    memset(&vp8_config, 0, sizeof(vp8_config));
+    bzero(&vp8_config, sizeof(vp8_config));
 
     vp8_comp_ = vp8_create_compressor(&vp8_config);
 

test/set_roi.cc

@@ -48,7 +48,7 @@ TEST(VP8RoiMapTest, ParameterCheck) {
   cpi.common.mb_rows = 240 >> 4;
   cpi.common.mb_cols = 320 >> 4;
   const int mbs = (cpi.common.mb_rows * cpi.common.mb_cols);
-  memset(cpi.segment_feature_data, 0, sizeof(cpi.segment_feature_data));
+  bzero(cpi.segment_feature_data, sizeof(cpi.segment_feature_data));
 
   // Segment map
   cpi.segmentation_map = reinterpret_cast<unsigned char *>(vpx_calloc(mbs, 1));