avcodec/iff: ensure that runs with insufficient input dont leave unin…

…itialized bytes in the output Fixes use of uninitialized memory Fixes: msan_uninit-mem_7fa0dea15eae_8988_test.iff Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]>
lee-727818 · Jan 2, 2014 · 4843227 · 4843227
1 parent 7340718
commit 4843227
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/libavcodec/iff.c b/libavcodec/iff.c
@@ -488,12 +488,12 @@ static int decode_byterun(uint8_t *dst, int dst_size,
         unsigned length;
         const int8_t value = *buf++;
         if (value >= 0) {
-            length = value + 1;
-            memcpy(dst + x, buf, FFMIN3(length, dst_size - x, buf_end - buf));
+            length = FFMIN3(value + 1, dst_size - x, buf_end - buf);
+            memcpy(dst + x, buf, length);
             buf += length;
         } else if (value > -128) {
-            length = -value + 1;
-            memset(dst + x, *buf++, FFMIN(length, dst_size - x));
+            length = FFMIN(-value + 1, dst_size - x);
+            memset(dst + x, *buf++, length);
         } else { // noop
             continue;
         }