avformat/rmdec: check against mismatching int4 interleaver parameters which would leave uninitialized holes

Fixes use of uninitialized memory Fixes: msan_uninit-mem_7f9cf38857c0_4582_coop.ra Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2013-12-23 18:09:58 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2013-12-26 04:02:40 +0100
commit: 4e394a98f2ea2e255703dcc4af050fe21e4f738f (patch)
tree: 6732b3f7b11f2af95c5806348c82855309a372e7
parent: 1486ed0815a1f175060fa412aa917accba67c060 (diff)
download: ffmpeg-4e394a98f2ea2e255703dcc4af050fe21e4f738f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 23e0f9cc49..97be4b1cd9 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -271,6 +271,10 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
                 sub_packet_h <= 1 ||
                 ast->coded_framesize * sub_packet_h > (2 + (sub_packet_h & 1)) * ast->audio_framesize)
                 return AVERROR_INVALIDDATA;
+            if (ast->coded_framesize * sub_packet_h != 2*ast->audio_framesize) {
+                avpriv_request_sample(s, "mismatching interleaver parameters");
+                return AVERROR_INVALIDDATA;
+            }
             break;
         case DEINT_ID_GENR:
             if (ast->sub_packet_size <= 0 ||
author	Michael Niedermayer <michaelni@gmx.at>	2013-12-23 18:09:58 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2013-12-26 04:02:40 +0100
commit	4e394a98f2ea2e255703dcc4af050fe21e4f738f (patch)
tree	6732b3f7b11f2af95c5806348c82855309a372e7
parent	1486ed0815a1f175060fa412aa917accba67c060 (diff)
download	ffmpeg-4e394a98f2ea2e255703dcc4af050fe21e4f738f.tar.gz