From 8faabf3bd29cf587a8c5b8aa38836e9c99dba054 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Wed, 18 Dec 2013 23:13:15 +0100
Subject: [PATCH] avformat/ipmovie: Check that the OPCODE_INIT_AUDIO_BUFFERS size is large enough

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f75b03c1f19_4820_descent3_level5_16bit_partial.mve
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer
---
 libavformat/ipmovie.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/ipmovie.c b/libavformat/ipmovie.c
index 57664f1539..6d2cc058c0 100644
--- a/libavformat/ipmovie.c
+++ b/libavformat/ipmovie.c
@@ -339,7 +339,7 @@ static int process_ipmovie_chunk(IPMVEContext *s, AVIOContext *pb,
 case OPCODE_INIT_AUDIO_BUFFERS:
 av_dlog(NULL, "initialize audio buffers\n");
- if ((opcode_version > 1) || (opcode_size > 10)) {
+ if ((opcode_version > 1) || (opcode_size > 10) || opcode_size < 6) {
 av_dlog(NULL, "bad init_audio_buffers opcode\n");
 chunk_type = CHUNK_BAD;
 break;
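Review bot: The new lower bound `opcode_size < 6` on the added line is an unexplained magic number, and nothing in the hunk records why 6 is the minimum; presumably it is the number of bytes the subsequent parsing reads from the opcode payload, but that code lies outside the hunk, so the reason should be written next to the check. I would add a comment above the condition, `/* opcode payload must hold every field parsed below; shorter opcodes leave those bytes uninitialized */`, or better, replace the literal with a named constant so the bound and the reads cannot drift apart. As a point of style, the two existing clauses are parenthesized while the new one is not; `(opcode_size < 6)` keeps the line consistent. The enclosing switch and process_ipmovie_chunk both start and end outside the hunk.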