[FFmpeg-cvslog] avcodec/iff: ensure that runs with insufficient input dont leave uninitialized bytes in the output

[Michael Niedermayer]

ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Thu Jan  2 14:50:48 2014 +0100| [4843227b2ca6876d07caddddd62e58e52d67e94f] | committer: Michael Niedermayer

avcodec/iff: ensure that runs with insufficient input dont leave uninitialized bytes in the output

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7fa0dea15eae_8988_test.iff
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4843227b2ca6876d07caddddd62e58e52d67e94f
---

 libavcodec/iff.c |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavcodec/iff.c b/libavcodec/iff.c
index 4bde0a8..f08a0f7 100644
--- a/libavcodec/iff.c
+++ b/libavcodec/iff.c
@@ -488,12 +488,12 @@ static int decode_byterun(uint8_t *dst, int dst_size,
         unsigned length;
         const int8_t value = *buf++;
         if (value >= 0) {
-            length = value + 1;
-            memcpy(dst + x, buf, FFMIN3(length, dst_size - x, buf_end - buf));
+            length = FFMIN3(value + 1, dst_size - x, buf_end - buf);
+            memcpy(dst + x, buf, length);
             buf += length;
         } else if (value > -128) {
-            length = -value + 1;
-            memset(dst + x, *buf++, FFMIN(length, dst_size - x));
+            length = FFMIN(-value + 1, dst_size - x);
+            memset(dst + x, *buf++, length);
         } else { // noop
             continue;
         }