[FFmpeg-cvslog] avcodec/gifdec: check that the correct number of bytes was decoded

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Dec 17 02:32:19 2013 +0100| [745c40a47f885e57ad97a775bbaa5c9973430276] | committer: Michael Niedermayer

avcodec/gifdec: check that the correct number of bytes was decoded

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f084c646637_9261_top_title_green_frog.gif
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=745c40a47f885e57ad97a775bbaa5c9973430276
---

 libavcodec/gifdec.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c
index c7b9ac8..78c8900 100644
--- a/libavcodec/gifdec.c
+++ b/libavcodec/gifdec.c
@@ -237,8 +237,12 @@ static int gif_read_image(GifState *s, AVFrame *frame)
     pass = 0;
     y1 = 0;
     for (y = 0; y < height; y++) {
-        if (ff_lzw_decode(s->lzw, s->idx_line, width) == 0)
+        int count = ff_lzw_decode(s->lzw, s->idx_line, width);
+        if (count != width) {
+            if (count)
+                av_log(s->avctx, AV_LOG_ERROR, "LZW decode failed\n");
             goto decode_tail;
+        }
 
         pr = ptr + width;