Commit 2224159c authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/vc1: fix DIFF2/NORM2 with width<=16

Fixes read of uninitialized memory
Fixes msan_uninit-mem_7f785da000e8_585_480i30__codec_WVC1__mode_2__framerate_29.970__type_2__preproc_17.wmv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
parent c9f72e4b
...@@ -122,12 +122,16 @@ static int bitplane_decoding(uint8_t* data, int *raw_flag, VC1Context *v) ...@@ -122,12 +122,16 @@ static int bitplane_decoding(uint8_t* data, int *raw_flag, VC1Context *v)
case IMODE_NORM2: case IMODE_NORM2:
if ((height * width) & 1) { if ((height * width) & 1) {
*planep++ = get_bits1(gb); *planep++ = get_bits1(gb);
offset = 1; y = offset = 1;
if (offset == width) {
offset = 0;
planep += stride - width;
}
} }
else else
offset = 0; y = offset = 0;
// decode bitplane as one long line // decode bitplane as one long line
for (y = offset; y < height * width; y += 2) { for (; y < height * width; y += 2) {
code = get_vlc2(gb, ff_vc1_norm2_vlc.table, VC1_NORM2_VLC_BITS, 1); code = get_vlc2(gb, ff_vc1_norm2_vlc.table, VC1_NORM2_VLC_BITS, 1);
*planep++ = code & 1; *planep++ = code & 1;
offset++; offset++;
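Review bot: The wrap check placed after the leading bit in the IMODE_NORM2 odd-size branch has no comment, and because offset has just been set to 1 the test `offset == width` can only hold when width is 1, which a reader will not see at a glance. A one-line comment above it, such as `/* width == 1: the leading bit filled the whole row, step planep to the next row */`, would record why the branch exists and tie it to the uninitialized-read report in the commit message. `y = offset = 1;` sets the linear position and the column counter in one statement; two separate assignments would keep the two counters visibly distinct now that the for-loop no longer initialises y. The +/- markers are lost on this page, so the new side is read from the hunk header's 12-to-16 line counts, and the loop body continues outside the hunk.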