diff mbox

[FFmpeg-devel,04/12] mov: validate sample_rate

Message ID 216075de-bf1a-d2cc-aa14-a66014bded22@googlemail.com
State Accepted
Commit fc022e77eed66ccfd7ac1788ba23f790c6769dee
Headers show

Commit Message

Andreas Cadhalpun Oct. 23, 2016, 4:28 p.m. UTC 
A negative sample rate doesn't make sense and triggers assertions in
av_rescale_rnd.

fate-aac-al07_96 fails if sample_rate == 0 is rejected in
ff_mov_read_stsd_entries.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/mov.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff mbox

Patch

diff --git a/libavformat/mov.c b/libavformat/mov.c
index dada1e0..0a3fdd1 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -888,6 +888,10 @@  static int mov_read_ddts(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     st = c->fc->streams[c->fc->nb_streams-1];
 
     st->codecpar->sample_rate = get_bits_long(&gb, 32);
+    if (st->codecpar->sample_rate <= 0) {
+        av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
+        return AVERROR_INVALIDDATA;
+    }
     skip_bits_long(&gb, 32); /* max bitrate */
     st->codecpar->bit_rate = get_bits_long(&gb, 32);
     st->codecpar->bits_per_coded_sample = get_bits(&gb, 8);
@@ -2273,6 +2277,10 @@  int ff_mov_read_stsd_entries(MOVContext *c, AVIOContext *pb, int entries)
         } else if (st->codecpar->codec_type==AVMEDIA_TYPE_AUDIO) {
             st->codecpar->codec_id = id;
             mov_parse_stsd_audio(c, pb, st, sc);
+            if (st->codecpar->sample_rate < 0) {
+                av_log(c->fc, AV_LOG_ERROR, "Invalid sample rate %d\n", st->codecpar->sample_rate);
+                return AVERROR_INVALIDDATA;
+            }
         } else if (st->codecpar->codec_type==AVMEDIA_TYPE_SUBTITLE){
             st->codecpar->codec_id = id;
             mov_parse_stsd_subtitle(c, pb, st, sc,