mvi: Add sanity checking for the audio frame size

This avoids a division by zero. Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: libav-stable@libav.org Signed-off-by: Martin Storsjö <martin@martin.st> (cherry picked from commit 28ff439efd2362fb21e1a78610737f2e26a72d8f) Signed-off-by: Luca Barbato <lu_zero@gentoo.org> (cherry picked from commit 04d2f9ace3fb6e880f3488770fc5a39de5b63cbb)
author: Martin Storsjö <martin@martin.st> 2013-09-28 23:26:18 +0300
committer: Luca Barbato <lu_zero@gentoo.org> 2014-01-07 09:43:57 +0100
commit: 35c39d2ee2a2ff6f8200b5725dd9bf443dba55c7 (patch)
tree: f9cebc0e23a2e7e235a1681c4c846e1a847b6272
parent: ea1c9424d1c425c657b43fbba478e65af2e2c774 (diff)
download: ffmpeg-35c39d2ee2a2ff6f8200b5725dd9bf443dba55c7.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/libavformat/mvi.c b/libavformat/mvi.c
index 4782aad479..51ffb6c600 100644
--- a/libavformat/mvi.c
+++ b/libavformat/mvi.c
@@ -91,6 +91,12 @@ static int read_header(AVFormatContext *s, AVFormatParameters *ap)
     mvi->get_int = (vst->codec->width * vst->codec->height < (1 << 16)) ? avio_rl16 : avio_rl24;
 
     mvi->audio_frame_size   = ((uint64_t)mvi->audio_data_size << MVI_FRAC_BITS) / frames_count;
+    if (mvi->audio_frame_size <= 1 << MVI_FRAC_BITS - 1) {
+        av_log(s, AV_LOG_ERROR, "Invalid audio_data_size (%d) or frames_count (%d)\n",
+               mvi->audio_data_size, frames_count);
+        return AVERROR_INVALIDDATA;
+    }
+
     mvi->audio_size_counter = (ast->codec->sample_rate * 830 / mvi->audio_frame_size - 1) * mvi->audio_frame_size;
     mvi->audio_size_left    = mvi->audio_data_size;
author	Martin Storsjö <martin@martin.st>	2013-09-28 23:26:18 +0300
committer	Luca Barbato <lu_zero@gentoo.org>	2014-01-07 09:43:57 +0100
commit	35c39d2ee2a2ff6f8200b5725dd9bf443dba55c7 (patch)
tree	f9cebc0e23a2e7e235a1681c4c846e1a847b6272
parent	ea1c9424d1c425c657b43fbba478e65af2e2c774 (diff)
download	ffmpeg-35c39d2ee2a2ff6f8200b5725dd9bf443dba55c7.tar.gz