avformat/ipmovie: Check that the OPCODE_INIT_AUDIO_BUFFERS size is large enough

Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f75b03c1f19_4820_descent3_level5_16bit_partial.mve Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-12-19 02:13:15 +0400
committer: Michael Niedermayer <michaelni@gmx.at> 2013-12-19 02:15:18 +0400
commit: 8faabf3bd29cf587a8c5b8aa38836e9c99dba054 (patch)
tree: 0bde1a20f90bc5103686bfe129a158def74449e3 /libavformat/ipmovie.c
parent: cb079b1b2bb1f7d0609ea7196090802a2788913a (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/ipmovie.c b/libavformat/ipmovie.c
index 57664f1539..6d2cc058c0 100644
--- a/libavformat/ipmovie.c
+++ b/libavformat/ipmovie.c
@@ -339,7 +339,7 @@ static int process_ipmovie_chunk(IPMVEContext *s, AVIOContext *pb,
 
         case OPCODE_INIT_AUDIO_BUFFERS:
             av_dlog(NULL, "initialize audio buffers\n");
-            if ((opcode_version > 1) || (opcode_size > 10)) {
+            if ((opcode_version > 1) || (opcode_size > 10) || opcode_size < 6) {
                 av_dlog(NULL, "bad init_audio_buffers opcode\n");
                 chunk_type = CHUNK_BAD;
                 break;
author	Michael Niedermayer <michaelni@gmx.at>	2013-12-19 02:13:15 +0400
committer	Michael Niedermayer <michaelni@gmx.at>	2013-12-19 02:15:18 +0400
commit	8faabf3bd29cf587a8c5b8aa38836e9c99dba054 (patch)
tree	0bde1a20f90bc5103686bfe129a158def74449e3 /libavformat/ipmovie.c
parent	cb079b1b2bb1f7d0609ea7196090802a2788913a (diff)