From 4e2da0082d46702fe5671e13885727c48ef09c20 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 6 Aug 2025 13:36:06 +0200
Subject: [PATCH] avcodec/ffv1: Clear state on alloc

Fixes: use of uninitialized memory
Fixes: 428969823/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_FFV1_DEC_fuzzer-5909681623334912

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 70fc46d185663dbea0995bf868d66b58b388119e)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/ffv1.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/ffv1.c b/libavcodec/ffv1.c
index 2b8564c2f5..cb3e76740d 100644
--- a/libavcodec/ffv1.c
+++ b/libavcodec/ffv1.c
@@ -81,7 +81,7 @@ av_cold int ff_ffv1_init_slice_state(const FFV1Context *f,
 
         if (f->ac != AC_GOLOMB_RICE) {
             if (!p->state)
-                p->state = av_malloc_array(p->context_count, CONTEXT_SIZE *
+                p->state = av_calloc(p->context_count, CONTEXT_SIZE *
                                      sizeof(uint8_t));
             if (!p->state)
                 return AVERROR(ENOMEM);