avformat/ipmovie: Check that OPCODE_SET_PALETTE size is large enough

Fixes use of uninitialized memory Fixes: msan_uninit-mem_7fec1f40656c_4819_descent3_level5_16bit_partial.mve Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: N Michael Niedermayer <michaelni@gmx.at>

avformat/ipmovie: Check that OPCODE_SET_PALETTE size is large enough
Fixes use of uninitialized memory Fixes: msan_uninit-mem_7fec1f40656c_4819_descent3_level5_16bit_partial.mve Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: N Michael Niedermayer <michaelni@gmx.at>
947e40b9 · Michael Niedermayer · 5f0d552c · 947e40b9
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

libavformat/ipmovie.c libavformat/ipmovie.c +2 -2

未找到文件。
--- a/libavformat/ipmovie.c
+++ b/libavformat/ipmovie.c
@@ -451,8 +451,8 @@ static int process_ipmovie_chunk(IPMVEContext *s, AVIOContext *pb,
            av_dlog(NULL, "set palette\n");
            /* check for the logical maximum palette size
             * (3 * 256 + 4 bytes) */
-            if (opcode_size > 0x304) {
-                av_dlog(NULL, "demux_ipmovie: set_palette opcode too large\n");
+            if (opcode_size > 0x304 || opcode_size < 4) {
+                av_dlog(NULL, "demux_ipmovie: set_palette opcode with invalid size\n");
                chunk_type = CHUNK_BAD;
                break;
            }