diff options
| author | Martin Storsjö <martin@martin.st> | 2013-09-19 17:02:36 +0300 |
|---|---|---|
| committer | Luca Barbato <lu_zero@gentoo.org> | 2013-10-04 04:45:35 +0200 |
| commit | 99fe4c577fc88dc7421b6aa6837e65401b5e56db (patch) | |
| tree | a70999f87b97488bba3722f6cc89557db94f16c6 | |
| parent | 98e1f0a2db41fff12d88b9bf1f903b5410bcd03a (diff) | |
| download | ffmpeg-99fe4c577fc88dc7421b6aa6837e65401b5e56db.tar.gz | |
r3d: Add more input value validation
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
Conflicts:
libavformat/r3d.c
| -rw-r--r-- | libavformat/r3d.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/libavformat/r3d.c b/libavformat/r3d.c index a4cb20add2..543043e9c9 100644 --- a/libavformat/r3d.c +++ b/libavformat/r3d.c @@ -87,7 +87,7 @@ static int r3d_read_red1(AVFormatContext *s) framerate.num = avio_rb16(s->pb); framerate.den = avio_rb16(s->pb); - if (framerate.num && framerate.den) { + if (framerate.num > 0 && framerate.den > 0) { #if FF_API_R_FRAME_RATE st->r_frame_rate = #endif @@ -286,6 +286,10 @@ static int r3d_read_reda(AVFormatContext *s, AVPacket *pkt, Atom *atom) dts = avio_rb32(s->pb); st->codec->sample_rate = avio_rb32(s->pb); + if (st->codec->sample_rate <= 0) { + av_log(s, AV_LOG_ERROR, "Bad sample rate\n"); + return AVERROR_INVALIDDATA; + } samples = avio_rb32(s->pb); |