From: Michael Niedermayer <michaelni@gmx.at>
Date: Sun, 22 Dec 2013 23:17:52 +0000 (+0100)
Subject: avcodec/wavpack: clear remainder of data in case of error in wv_unpack_mono/stereo()
X-Git-Tag: android-x86-6.0-r1~8157
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=866c44d4b0f90d448cffbe9d4422a2dec7df698b;p=android-x86%2Fexternal-ffmpeg.git

avcodec/wavpack: clear remainder of data in case of error in wv_unpack_mono/stereo()

Fixes use of uninitialized data
Fixes: msan_uninit-mem_7fd85b654950_4005_because.wv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 6036a5c7dd..e1abe8d512 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -487,6 +487,13 @@ static inline int wv_unpack_stereo(WavpackFrameContext *s, GetBitContext *gb,
     } while (!last && count < s->samples);
 
     wv_reset_saved_context(s);
+
+    if (last && count < s->samples) {
+        int size = av_get_bytes_per_sample(type);
+        memset(dst_l + count*size, 0, (s->samples-count)*size);
+        memset(dst_r + count*size, 0, (s->samples-count)*size);
+    }
+
     if ((s->avctx->err_recognition & AV_EF_CRCCHECK) &&
         wv_check_crc(s, crc, crc_extra_bits))
         return AVERROR_INVALIDDATA;
@@ -548,6 +555,12 @@ static inline int wv_unpack_mono(WavpackFrameContext *s, GetBitContext *gb,
     } while (!last && count < s->samples);
 
     wv_reset_saved_context(s);
+
+    if (last && count < s->samples) {
+        int size = av_get_bytes_per_sample(type);
+        memset(dst + count*size, 0, (s->samples-count)*size);
+    }
+
     if (s->avctx->err_recognition & AV_EF_CRCCHECK) {
         int ret = wv_check_crc(s, crc, crc_extra_bits);
         if (ret < 0 && s->avctx->err_recognition & AV_EF_EXPLODE)