avcodec/iff: ensure that runs with insufficient input dont leave uninitialized bytes in the output

Fixes use of uninitialized memory Fixes: msan_uninit-mem_7fa0dea15eae_8988_test.iff Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2014-01-02 14:50:48 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2014-01-02 14:52:02 +0100
commit: 4843227b2ca6876d07caddddd62e58e52d67e94f (patch)
tree: 6a6367fa4363a05b1deb39e1cd386c380ff6bbd2 /libavcodec/iff.c
parent: 7340718d1c457f233e50e3ff4b15c113523c3200 (diff)
download: ffmpeg-4843227b2ca6876d07caddddd62e58e52d67e94f.tar.gz
1 files changed, 4 insertions, 4 deletions
diff --git a/libavcodec/iff.c b/libavcodec/iff.c
index 4bde0a8117..f08a0f70ce 100644
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -488,12 +488,12 @@ static int decode_byterun(uint8_t *dst, int dst_size,
         unsigned length;
         const int8_t value = *buf++;
         if (value >= 0) {
-            length = value + 1;
-            memcpy(dst + x, buf, FFMIN3(length, dst_size - x, buf_end - buf));
+            length = FFMIN3(value + 1, dst_size - x, buf_end - buf);
+            memcpy(dst + x, buf, length);
             buf += length;
         } else if (value > -128) {
-            length = -value + 1;
-            memset(dst + x, *buf++, FFMIN(length, dst_size - x));
+            length = FFMIN(-value + 1, dst_size - x);
+            memset(dst + x, *buf++, length);
         } else { // noop
             continue;
         }
author	Michael Niedermayer <michaelni@gmx.at>	2014-01-02 14:50:48 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2014-01-02 14:52:02 +0100
commit	4843227b2ca6876d07caddddd62e58e52d67e94f (patch)
tree	6a6367fa4363a05b1deb39e1cd386c380ff6bbd2 /libavcodec/iff.c
parent	7340718d1c457f233e50e3ff4b15c113523c3200 (diff)
download	ffmpeg-4843227b2ca6876d07caddddd62e58e52d67e94f.tar.gz