From ed1eb9602c962e2e7c5ef298c2e17c150dc2c912 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Mon, 6 Jan 2014 22:58:24 +0100
Subject: [PATCH] avformat/rmdec: check that sub_packet_size fit in the packet
 for DEINT_ID_GENR

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7fa8c49400d0_3923_audiosig.rm
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/rmdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 8feef54f60..b1025a5955 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -270,6 +270,8 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
             if (ast->sub_packet_size <= 0 ||
                 ast->sub_packet_size > ast->audio_framesize)
                 return AVERROR_INVALIDDATA;
+            if (ast->audio_framesize % ast->sub_packet_size)
+                return AVERROR_INVALIDDATA;
             break;
         case DEINT_ID_SIPR:
         case DEINT_ID_INT0:
-- 
2.11.0