From 42a1f1d7a8cf67eed68db596d6a1e53c0c36e4ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Reimar=20D=C3=B6ffinger?= <Reimar.Doeffinger@gmx.de>
Date: Fri, 30 Dec 2011 10:42:55 +0100
Subject: [PATCH] Avoid uninitialized data in lcldec when ofs is 0 in MSZH.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger@gmx.de>
---
 libavcodec/lcldec.c | 8 +++++++-
 libavutil/lzo.h     | 3 ---
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/libavcodec/lcldec.c b/libavcodec/lcldec.c
index e288fc3f63a..57b04f79f10 100644
--- a/libavcodec/lcldec.c
+++ b/libavcodec/lcldec.c
@@ -96,7 +96,13 @@ static unsigned int mszh_decomp(const unsigned char * srcptr, int srclen, unsign
             ofs = FFMIN(ofs, destptr - destptr_bak);
             cnt *= 4;
             cnt = FFMIN(cnt, destptr_end - destptr);
-            av_memcpy_backptr(destptr, ofs, cnt);
+            if (ofs) {
+                av_memcpy_backptr(destptr, ofs, cnt);
+            } else {
+                // Not known what the correct behaviour is, but
+                // this at least avoids uninitialized data.
+                memset(destptr, 0, cnt);
+            }
             destptr += cnt;
         }
         maskbit >>= 1;
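Review bot: The comment on the new `else` branch does not say when `ofs` can be 0, and because of the `FFMIN(ofs, destptr - destptr_bak)` clamp just above there are two cases: an offset of 0 encoded in the stream, and any back-reference issued while `destptr == destptr_bak`, that is, before any output exists. I would name both, e.g. `// ofs == 0: zero offset in the stream, or a back-reference before any output was written;` followed by `// the correct behaviour is unknown, so zero-fill to keep uninitialized bytes out of the frame.` The `memset` itself is bounded, since `cnt` has already been clamped to `destptr_end - destptr`. The lzo.h hunk removes the only mention of `back == 0` from the `av_memcpy_backptr` documentation, so if other callers can still pass 0, the header should state whether that is tolerated or a precondition violation. `mszh_decomp` starts and ends outside this hunk, so the types of `ofs` and `cnt` cannot be checked from here.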
diff --git a/libavutil/lzo.h b/libavutil/lzo.h
index 379c08c8c75..060b5c9d765 100644
--- a/libavutil/lzo.h
+++ b/libavutil/lzo.h
@@ -67,9 +67,6 @@ int av_lzo1x_decode(void *out, int *outlen, const void *in, int *inlen);
  *
  * cnt > back is valid, this will copy the bytes we just copied,
  * thus creating a repeating pattern with a period length of back.
- * Note that lcldec currently can set back == 0 - which is wrong and
- * makes no sense, but the code should at least avoid crashing or hanging
- * for this case.
  */
 void av_memcpy_backptr(uint8_t *dst, int back, int cnt);
 
-- 
GitLab