avformat/ipmovie: Check that OPCODE_SET_PALETTE size is large enough

Fixes use of uninitialized memory Fixes: msan_uninit-mem_7fec1f40656c_4819_descent3_level5_16bit_partial.mve Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-12-19 02:43:20 +0400
committer: Michael Niedermayer <michaelni@gmx.at> 2013-12-19 02:44:52 +0400
commit: 947e40b9feb8cd2817ce1bce0d2f6735b1144480 (patch)
tree: 0577d340cefeef22d64bafbb84645ab079849140 /libavformat/ipmovie.c
parent: 5f0d552c9b4cd83812d8e1619b96c294401141d1 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/libavformat/ipmovie.c b/libavformat/ipmovie.c
index db95c49811..3c53686a6a 100644
--- a/libavformat/ipmovie.c
+++ b/libavformat/ipmovie.c
@@ -451,8 +451,8 @@ static int process_ipmovie_chunk(IPMVEContext *s, AVIOContext *pb,
             av_dlog(NULL, "set palette\n");
             /* check for the logical maximum palette size
              * (3 * 256 + 4 bytes) */
-            if (opcode_size > 0x304) {
-                av_dlog(NULL, "demux_ipmovie: set_palette opcode too large\n");
+            if (opcode_size > 0x304 || opcode_size < 4) {
+                av_dlog(NULL, "demux_ipmovie: set_palette opcode with invalid size\n");
                 chunk_type = CHUNK_BAD;
                 break;
             }
author	Michael Niedermayer <michaelni@gmx.at>	2013-12-19 02:43:20 +0400
committer	Michael Niedermayer <michaelni@gmx.at>	2013-12-19 02:44:52 +0400
commit	947e40b9feb8cd2817ce1bce0d2f6735b1144480 (patch)
tree	0577d340cefeef22d64bafbb84645ab079849140 /libavformat/ipmovie.c
parent	5f0d552c9b4cd83812d8e1619b96c294401141d1 (diff)