avformat/ipmovie: Fix use of uninitialized memory in OPCODE_INIT_VIDEO_BUFFERS

Fixes: msan_uninit-mem_7ffe323a25f3_5929_ipmovie_interplayvideo_interplay_dpcm__bislogo.mve Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-12-13 19:50:34 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2013-12-13 19:51:47 +0100
commit: 7d7a701362867439e9ce04fb0227b53de62704c4 (patch)
tree: b79f7d3a90361f05c34458e00f0ba75894553aea
parent: 7439475e69f333541c3647f6b9eb5b5af073cb64 (diff)
download: ffmpeg-7d7a701362867439e9ce04fb0227b53de62704c4.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/libavformat/ipmovie.c b/libavformat/ipmovie.c
index 368c05922d..ff5699a0d8 100644
--- a/libavformat/ipmovie.c
+++ b/libavformat/ipmovie.c
@@ -376,7 +376,9 @@ static int process_ipmovie_chunk(IPMVEContext *s, AVIOContext *pb,
 
         case OPCODE_INIT_VIDEO_BUFFERS:
             av_dlog(NULL, "initialize video buffers\n");
-            if ((opcode_version > 2) || (opcode_size > 8) || opcode_size < 4) {
+            if ((opcode_version > 2) || (opcode_size > 8) || opcode_size < 4
+                || opcode_version == 2 && opcode_size < 8
+            ) {
                 av_dlog(NULL, "bad init_video_buffers opcode\n");
                 chunk_type = CHUNK_BAD;
                 break;
author	Michael Niedermayer <michaelni@gmx.at>	2013-12-13 19:50:34 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2013-12-13 19:51:47 +0100
commit	7d7a701362867439e9ce04fb0227b53de62704c4 (patch)
tree	b79f7d3a90361f05c34458e00f0ba75894553aea
parent	7439475e69f333541c3647f6b9eb5b5af073cb64 (diff)
download	ffmpeg-7d7a701362867439e9ce04fb0227b53de62704c4.tar.gz