avcodec/gifdec: check that the correct number of bytes was decoded

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f084c646637_9261_top_title_green_frog.gif
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c
index c7b9ac8..78c8900 100644 (file)
--- a/libavcodec/gifdec.c
+++ b/libavcodec/gifdec.c
@@ -237,8 +237,12 @@ static int gif_read_image(GifState *s, AVFrame *frame)
     pass = 0;
     y1 = 0;
     for (y = 0; y < height; y++) {
-        if (ff_lzw_decode(s->lzw, s->idx_line, width) == 0)
+        int count = ff_lzw_decode(s->lzw, s->idx_line, width);
+        if (count != width) {
+            if (count)
+                av_log(s->avctx, AV_LOG_ERROR, "LZW decode failed\n");
             goto decode_tail;
+        }
 
         pr = ptr + width;