From d8798276b65543d921adadf63cc7f5ba2d1604af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Storsj=C3=B6?= Date: Thu, 19 Sep 2013 17:02:36 +0300 Subject: [PATCH] r3d: Add more input value validation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö --- libavformat/r3d.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libavformat/r3d.c b/libavformat/r3d.c index 1da8b88d5b..74a1f2baa2 100644 --- a/libavformat/r3d.c +++ b/libavformat/r3d.c @@ -85,7 +85,7 @@ static int r3d_read_red1(AVFormatContext *s) framerate.num = avio_rb16(s->pb); framerate.den = avio_rb16(s->pb); - if (framerate.num && framerate.den) { + if (framerate.num > 0 && framerate.den > 0) { st->avg_frame_rate = framerate; } @@ -281,6 +281,10 @@ static int r3d_read_reda(AVFormatContext *s, AVPacket *pkt, Atom *atom) dts = avio_rb32(s->pb); st->codec->sample_rate = avio_rb32(s->pb); + if (st->codec->sample_rate <= 0) { + av_log(s, AV_LOG_ERROR, "Bad sample rate\n"); + return AVERROR_INVALIDDATA; + } samples = avio_rb32(s->pb);