RepoMirrors/ffmpeg
1
0
Fork 0
mirror of https://git.ffmpeg.org/ffmpeg.git synced 2024-12-26 01:02:33 +00:00
Code Issues Projects Releases Wiki Activity

avformat/ipmovie: Check that OPCODE_SET_PALETTE size is large enough

Browse Source 
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7fec1f40656c_4819_descent3_level5_16bit_partial.mve
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-12-18 23:43:20 +01:00
parent 5f0d552c9b
commit 947e40b9fe
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavformat/ipmovie.c
View File

@ -451,8 +451,8 @@ static int process_ipmovie_chunk(IPMVEContext *s, AVIOContext *pb,
av_dlog(NULL, "set palette\n");
/* check for the logical maximum palette size
* (3 * 256 + 4 bytes) */
if (opcode_size > 0x304) {
av_dlog(NULL, "demux_ipmovie: set_palette opcode too large\n");
if (opcode_size > 0x304 || opcode_size < 4) {
av_dlog(NULL, "demux_ipmovie: set_palette opcode with invalid size\n");
chunk_type = CHUNK_BAD;
break;
}