From 8fe3566b8fdf4bcf5eed419c1aab6eb848287ff3 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 29 Sep 2021 20:49:27 +0200
Subject: [PATCH] avformat/rmdec: Check for multiple audio_stream_info

Fixes: memleak
Fixes: 39166/clusterfuzz-testcase-minimized-ffmpeg_dem_IVR_fuzzer-5153276690038784

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/rmdec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index d4ba6622a6..3a3f6aaf09 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -127,6 +127,10 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
     uint32_t version;
     int ret;
 
+    // Duplicate tags
+    if (st->codecpar->codec_type == AVMEDIA_TYPE_AUDIO)
+        return AVERROR_INVALIDDATA;
+
     /* ra type header */
     version = avio_rb16(pb); /* version */
     if (version == 3) {