From 4843227b2ca6876d07caddddd62e58e52d67e94f Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Thu, 2 Jan 2014 14:50:48 +0100
Subject: avcodec/iff: ensure that runs with insufficient input dont leave uninitialized bytes in the output

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7fa0dea15eae_8988_test.iff
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavcodec/iff.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
(limited to 'libavcodec/iff.c')
diff --git a/libavcodec/iff.c b/libavcodec/iff.c
index 4bde0a8117..f08a0f70ce 100644
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -488,12 +488,12 @@ static int decode_byterun(uint8_t *dst, int dst_size,
 unsigned length;
 const int8_t value = *buf++;
 if (value >= 0) {
- length = value + 1;
- memcpy(dst + x, buf, FFMIN3(length, dst_size - x, buf_end - buf));
+ length = FFMIN3(value + 1, dst_size - x, buf_end - buf);
+ memcpy(dst + x, buf, length);
 buf += length;
 } else if (value > -128) {
- length = -value + 1;
- memset(dst + x, *buf++, FFMIN(length, dst_size - x));
+ length = FFMIN(-value + 1, dst_size - x);
+ memset(dst + x, *buf++, length);
 } else { // noop
 continue;
 }
-- cgit v1.2.3
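Review bot: The run-replicate branch still fetches its fill byte with `*buf++` without comparing `buf` to `buf_end`, whereas the literal branch above now clamps its length by `buf_end - buf`. When the control byte is the last byte of input, that dereference reads one byte past the data, unless the loop condition or input padding outside this hunk rules it out. A guard such as `if (buf >= buf_end) break;` ahead of `length = FFMIN(-value + 1, dst_size - x);` would make the two branches consistent. Separately, the operands of `FFMIN3(value + 1, dst_size - x, buf_end - buf)` look like they mix int, unsigned and pointer-difference types, so a one-line comment stating that both differences are non-negative at this point would help the next reader. The loop header and the rest of decode_byterun lie outside the hunk, so how the remaining output is handled after an early exit cannot be checked from here.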