avcodec/vc1: fix DIFF2/NORM2 with width<=16

Fixes read of uninitialized memory Fixes msan_uninit-mem_7f785da000e8_585_480i30__codec_WVC1__mode_2__framerate_29.970__type_2__preproc_17.wmv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-12-14 17:55:25 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2013-12-14 18:02:01 +0100
commit: 2224159c787ed19a3cd2e061bc00af125c9c2cef (patch)
tree: eb1adf81cb8ae6586a15a717dff4021c4c84ea34 /libavcodec/vc1.c
parent: c9f72e4b81ae44d1a61459e85a3e1216a239a8ee (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/libavcodec/vc1.c b/libavcodec/vc1.c
index f20b946be6..6557724954 100644
--- a/libavcodec/vc1.c
+++ b/libavcodec/vc1.c
@@ -122,12 +122,16 @@ static int bitplane_decoding(uint8_t* data, int *raw_flag, VC1Context *v)
     case IMODE_NORM2:
         if ((height * width) & 1) {
             *planep++ = get_bits1(gb);
-            offset    = 1;
+            y = offset = 1;
+            if (offset == width) {
+                offset = 0;
+                planep += stride - width;
+            }
         }
         else
-            offset = 0;
+            y = offset = 0;
         // decode bitplane as one long line
-        for (y = offset; y < height * width; y += 2) {
+        for (; y < height * width; y += 2) {
             code = get_vlc2(gb, ff_vc1_norm2_vlc.table, VC1_NORM2_VLC_BITS, 1);
             *planep++ = code & 1;
             offset++;
author	Michael Niedermayer <michaelni@gmx.at>	2013-12-14 17:55:25 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2013-12-14 18:02:01 +0100
commit	2224159c787ed19a3cd2e061bc00af125c9c2cef (patch)
tree	eb1adf81cb8ae6586a15a717dff4021c4c84ea34 /libavcodec/vc1.c
parent	c9f72e4b81ae44d1a61459e85a3e1216a239a8ee (diff)