From 050d8d727ad68925f1ce2ce7779432d07ee1adce Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Thu, 9 Jan 2014 22:59:51 +0100
Subject: [PATCH] avformat/rmdec: when reading audio blocks, dont leave holes
 when reading fails

The fate test is changed because the reference file depends on the use of
non cleared data at the very
end. Alternatively we could upload a new reference file, though that would
then have to be changed every time the handling of a truncated frame changes
or theres a change to error concealment, each time adding a new file ...

Fixes use of uninitialized memory
Fixed: msan_uninit-mem_7f3c02b81363_2787_RLG2_19.rm
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 77d2a1ca595ebe082d35c4b624ac9a9145991494)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavformat/rmdec.c | 16 +++++++++++++---
 tests/fate/real.mak |  3 ++-
 2 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index b0876fe5bd..baf3f0706c 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -785,6 +785,16 @@ rm_ac3_swap_bytes (AVStream *st, AVPacket *pkt)
     }
 }
 
+static int readfull(AVFormatContext *s, AVIOContext *pb, uint8_t *dst, int n) {
+    int ret = avio_read(pb, dst, n);
+    if (ret != n) {
+        if (ret >= 0) memset(dst + ret, 0, n - ret);
+        else          memset(dst      , 0, n);
+        av_log(s, AV_LOG_ERROR, "Failed to fully read block\n");
+    }
+    return ret;
+}
+
 int
 ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb,
                     AVStream *st, RMStream *ast, int len, AVPacket *pkt,
@@ -817,14 +827,14 @@ ff_rm_parse_packet (AVFormatContext *s, AVIOContext *pb,
             switch (ast->deint_id) {
                 case DEINT_ID_INT4:
                     for (x = 0; x < h/2; x++)
-                        avio_read(pb, ast->pkt.data+x*2*w+y*cfs, cfs);
+                        readfull(s, pb, ast->pkt.data+x*2*w+y*cfs, cfs);
                     break;
                 case DEINT_ID_GENR:
                     for (x = 0; x < w/sps; x++)
-                        avio_read(pb, ast->pkt.data+sps*(h*x+((h+1)/2)*(y&1)+(y>>1)), sps);
+                        readfull(s, pb, ast->pkt.data+sps*(h*x+((h+1)/2)*(y&1)+(y>>1)), sps);
                     break;
                 case DEINT_ID_SIPR:
-                    avio_read(pb, ast->pkt.data + y * w, w);
+                    readfull(s, pb, ast->pkt.data + y * w, w);
                     break;
             }
 
diff --git a/tests/fate/real.mak b/tests/fate/real.mak
index 82d7e3a579..81237e484b 100644
--- a/tests/fate/real.mak
+++ b/tests/fate/real.mak
@@ -31,8 +31,9 @@ fate-sipr-8k5: CMD = pcm -i $(TARGET_SAMPLES)/sipr/sipr_8k5.rm
 fate-sipr-8k5: REF = $(SAMPLES)/sipr/sipr_8k5.pcm
 
 FATE_SIPR += fate-sipr-16k
-fate-sipr-16k: CMD = pcm -i $(TARGET_SAMPLES)/sipr/sipr_16k.rm
+fate-sipr-16k: CMD = pcm -i $(TARGET_SAMPLES)/sipr/sipr_16k.rm -aframes 3250
 fate-sipr-16k: REF = $(SAMPLES)/sipr/sipr_16k.pcm
+fate-sipr-16k: SIZE_TOLERANCE = 40000
 
 $(FATE_SIPR): CMP = oneoff