From 42a1f1d7a8cf67eed68db596d6a1e53c0c36e4ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?=
Date: Fri, 30 Dec 2011 10:42:55 +0100
Subject: [PATCH] Avoid uninitialized data in lcldec when ofs is 0 in MSZH.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Reimar Döffinger
---
 libavcodec/lcldec.c | 8 +++++++-
 libavutil/lzo.h | 3 ---
 2 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c
index e288fc3f63..57b04f79f1 100644
--- a/libavcodec/lcldec.c
+++ b/libavcodec/lcldec.c
@@ -96,7 +96,13 @@ static unsigned int mszh_decomp(const unsigned char * srcptr, int srclen, unsign
 ofs = FFMIN(ofs, destptr - destptr_bak);
 cnt *= 4;
 cnt = FFMIN(cnt, destptr_end - destptr);
- av_memcpy_backptr(destptr, ofs, cnt);
+ if (ofs) {
+ av_memcpy_backptr(destptr, ofs, cnt);
+ } else {
+ // Not known what the correct behaviour is, but
+ // this at least avoids uninitialized data.
+ memset(destptr, 0, cnt);
+ }
 destptr += cnt;
 }
 maskbit >>= 1;
diff --git a/libavutil/lzo.h b/libavutil/lzo.h
index 379c08c8c7..060b5c9d76 100644
--- a/libavutil/lzo.h
+++ b/libavutil/lzo.h
@@ -67,9 +67,6 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen);
 *
 * cnt > back is valid, this will copy the bytes we just copied,
 * thus creating a repeating pattern with a period length of back.
- * Note that lcldec currently can set back == 0 - which is wrong and
- * makes no sense, but the code should at least avoid crashing or hanging
- * for this case.
 */
 void av_memcpy_backptr(uint8_t *dst, int back, int cnt);
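Review bot: The comment in the new `else` branch of the lcldec.c hunk understates when `ofs == 0` happens: besides a zero offset in the stream, the clamp `ofs = FFMIN(ofs, destptr - destptr_bak)` forces it whenever `destptr == destptr_bak`, that is, for any back-reference issued before output exists. I would extend the comment to something like `// ofs == 0: zero offset in the stream, or a back-reference clamped at the start of the output; zero-fill so no uninitialized buffer contents end up in the decoded frame`. Since the same commit drops the lzo.h remark that `av_memcpy_backptr` has to survive `back == 0`, its doc comment should now state the precondition explicitly, e.g. ` * @param back how many bytes back we start, must be > 0`, so other callers know to guard as this one does. The loop around these lines starts and ends outside the hunk, so whether the malformed input is reported to the caller cannot be judged from here.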