[FFmpeg-cvslog] avcodec/wavpack: clear remainder of data in case of error in wv_unpack_mono/stereo()

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon Dec 23 00:17:52 2013 +0100| [866c44d4b0f90d448cffbe9d4422a2dec7df698b] | committer: Michael Niedermayer

avcodec/wavpack: clear remainder of data in case of error in wv_unpack_mono/stereo()

Fixes use of uninitialized data
Fixes: msan_uninit-mem_7fd85b654950_4005_because.wv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=866c44d4b0f90d448cffbe9d4422a2dec7df698b
---

 libavcodec/wavpack.c |   13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 6036a5c..e1abe8d 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -487,6 +487,13 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb,
     } while (!last && count < s->samples);
 
     wv_reset_saved_context(s);
+
+    if (last && count < s->samples) {
+        int size = av_get_bytes_per_sample(type);
+        memset(dst_l + count*size, 0, (s->samples-count)*size);
+        memset(dst_r + count*size, 0, (s->samples-count)*size);
+    }
+
     if ((s->avctx->err_recognition & AV_EF_CRCCHECK) &&
         wv_check_crc(s, crc, crc_extra_bits))
         return AVERROR_INVALIDDATA;
@@ -548,6 +555,12 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb,
     } while (!last && count < s->samples);
 
     wv_reset_saved_context(s);
+
+    if (last && count < s->samples) {
+        int size = av_get_bytes_per_sample(type);
+        memset(dst + count*size, 0, (s->samples-count)*size);
+    }
+
     if (s->avctx->err_recognition & AV_EF_CRCCHECK) {
         int ret = wv_check_crc(s, crc, crc_extra_bits);
         if (ret < 0 && s->avctx->err_recognition & AV_EF_EXPLODE)