aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2013-12-18 23:43:20 +0100
committerMichael Niedermayer <michaelni@gmx.at>2013-12-18 23:44:52 +0100
commit947e40b9feb8cd2817ce1bce0d2f6735b1144480 (patch)
tree0577d340cefeef22d64bafbb84645ab079849140
parent5f0d552c9b4cd83812d8e1619b96c294401141d1 (diff)
downloadffmpeg-947e40b9feb8cd2817ce1bce0d2f6735b1144480.tar.gz
avformat/ipmovie: Check that OPCODE_SET_PALETTE size is large enough
Fixes use of uninitialized memory Fixes: msan_uninit-mem_7fec1f40656c_4819_descent3_level5_16bit_partial.mve Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
-rw-r--r--libavformat/ipmovie.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libavformat/ipmovie.c b/libavformat/ipmovie.c
index db95c49811..3c53686a6a 100644
--- a/libavformat/ipmovie.c
+++ b/libavformat/ipmovie.c
@@ -451,8 +451,8 @@ static int process_ipmovie_chunk(IPMVEContext *s, AVIOContext *pb,
av_dlog(NULL, "set palette\n");
/* check for the logical maximum palette size
* (3 * 256 + 4 bytes) */
- if (opcode_size > 0x304) {
- av_dlog(NULL, "demux_ipmovie: set_palette opcode too large\n");
+ if (opcode_size > 0x304 || opcode_size < 4) {
+ av_dlog(NULL, "demux_ipmovie: set_palette opcode with invalid size\n");
chunk_type = CHUNK_BAD;
break;
}