From 4e394a98f2ea2e255703dcc4af050fe21e4f738f Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 23 Dec 2013 18:09:58 +0100
Subject: [PATCH] avformat/rmdec: check against mismatching int4 interleaver
 parameters which would leave uninitialized holes

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f9cf38857c0_4582_coop.ra
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/rmdec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 23e0f9cc49..97be4b1cd9 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -271,6 +271,10 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
                 sub_packet_h <= 1 ||
                 ast->coded_framesize * sub_packet_h > (2 + (sub_packet_h & 1)) * ast->audio_framesize)
                 return AVERROR_INVALIDDATA;
+            if (ast->coded_framesize * sub_packet_h != 2*ast->audio_framesize) {
+                avpriv_request_sample(s, "mismatching interleaver parameters");
+                return AVERROR_INVALIDDATA;
+            }
             break;
         case DEINT_ID_GENR:
             if (ast->sub_packet_size <= 0 ||