From 866c44d4b0f90d448cffbe9d4422a2dec7df698b Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Mon, 23 Dec 2013 00:17:52 +0100 Subject: [PATCH] avcodec/wavpack: clear remainder of data in case of error in wv_unpack_mono/stereo() Fixes use of uninitialized data Fixes: msan_uninit-mem_7fd85b654950_4005_because.wv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/wavpack.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c index 6036a5c7dd..e1abe8d512 100644 --- a/libavcodec/wavpack.c +++ b/libavcodec/wavpack.c @@ -487,6 +487,13 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb, } while (!last && count < s->samples); wv_reset_saved_context(s); + + if (last && count < s->samples) { + int size = av_get_bytes_per_sample(type); + memset(dst_l + count*size, 0, (s->samples-count)*size); + memset(dst_r + count*size, 0, (s->samples-count)*size); + } + if ((s->avctx->err_recognition & AV_EF_CRCCHECK) && wv_check_crc(s, crc, crc_extra_bits)) return AVERROR_INVALIDDATA; @@ -548,6 +555,12 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb, } while (!last && count < s->samples); wv_reset_saved_context(s); + + if (last && count < s->samples) { + int size = av_get_bytes_per_sample(type); + memset(dst + count*size, 0, (s->samples-count)*size); + } + if (s->avctx->err_recognition & AV_EF_CRCCHECK) { int ret = wv_check_crc(s, crc, crc_extra_bits); if (ret < 0 && s->avctx->err_recognition & AV_EF_EXPLODE)