1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avformat/ipmovie: Check that OPCODE_SET_PALETTE size is large enough

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7fec1f40656c_4819_descent3_level5_16bit_partial.mve
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2013-12-18 23:43:20 +01:00
parent 5f0d552c9b
commit 947e40b9fe

View File

@ -451,8 +451,8 @@ static int process_ipmovie_chunk(IPMVEContext *s, AVIOContext *pb,
av_dlog(NULL, "set palette\n");
/* check for the logical maximum palette size
* (3 * 256 + 4 bytes) */
if (opcode_size > 0x304) {
av_dlog(NULL, "demux_ipmovie: set_palette opcode too large\n");
if (opcode_size > 0x304 || opcode_size < 4) {
av_dlog(NULL, "demux_ipmovie: set_palette opcode with invalid size\n");
chunk_type = CHUNK_BAD;
break;
}