avformat/kvag: Check sample_rate

Fixes: Division by 0 Fixes: -copyts -start_at_zero -itsoffset 00:00:01 -itsscale 1 -ss 00:00:02 -i zgclab/ffmpeg_crash/poc1 output.mp4 Found-by: Wang Dawei and Zhou Geng, from Zhongguancun Laboratory Signed-off-by: Michael Niedermayer <[email protected]>
author: Michael Niedermayer <[email protected]> 2024-04-29 23:44:25 +0200
committer: Michael Niedermayer <[email protected]> 2024-05-01 02:57:12 +0200
commit: c26a762ea1bf028a33554a5f7a18d8dd7d82f5a8 (patch)
tree: 2ba06f734d84633bb5998e30bb76ebba349df396
parent: 615c994739cacbeb0a2f48f8271d911fcd0b4303 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/libavformat/kvag.c b/libavformat/kvag.c
index 1d0aee0994..b55aa893ec 100644
--- a/libavformat/kvag.c
+++ b/libavformat/kvag.c
@@ -38,7 +38,7 @@
 typedef struct KVAGHeader {
     uint32_t    magic;
     uint32_t    data_size;
-    uint32_t    sample_rate;
+    int    sample_rate;
     uint16_t    stereo;
 } KVAGHeader;
 
@@ -70,6 +70,9 @@ static int kvag_read_header(AVFormatContext *s)
     hdr.sample_rate             = AV_RL32(buf +  8);
     hdr.stereo                  = AV_RL16(buf + 12);
 
+    if (hdr.sample_rate <= 0)
+        return AVERROR_INVALIDDATA;
+
     par                         = st->codecpar;
     par->codec_type             = AVMEDIA_TYPE_AUDIO;
     par->codec_id               = AV_CODEC_ID_ADPCM_IMA_SSI;
author	Michael Niedermayer <[email protected]>	2024-04-29 23:44:25 +0200
committer	Michael Niedermayer <[email protected]>	2024-05-01 02:57:12 +0200
commit	c26a762ea1bf028a33554a5f7a18d8dd7d82f5a8 (patch)
tree	2ba06f734d84633bb5998e30bb76ebba349df396
parent	615c994739cacbeb0a2f48f8271d911fcd0b4303 (diff)