@@ -42,6 +42,11 @@ static int parse_config_ALS(GetBitContext *gb, MPEG4AudioConfig *c)
// which are buggy in old ALS conformance files
c->sample_rate = get_bits_long(gb, 32);
+ if (c->sample_rate <= 0) {
+ av_log(NULL, AV_LOG_ERROR, "Invalid sample rate %d\n", c->sample_rate);
+ return AVERROR_INVALIDDATA;
+ }
+
// skip number of samples
skip_bits_long(gb, 32);
@@ -508,8 +508,10 @@ int ff_mp4_read_dec_config_descr(AVFormatContext *fc, AVStream *st, AVIOContext
return ret;
if (st->codecpar->codec_id == AV_CODEC_ID_AAC) {
MPEG4AudioConfig cfg = {0};
- avpriv_mpeg4audio_get_config(&cfg, st->codecpar->extradata,
- st->codecpar->extradata_size * 8, 1);
+ ret = avpriv_mpeg4audio_get_config(&cfg, st->codecpar->extradata,
+ st->codecpar->extradata_size * 8, 1);
+ if (ret < 0)
+ return ret;
st->codecpar->channels = cfg.channels;
if (cfg.object_type == 29 && cfg.sampling_index < 3) // old mp3on4
st->codecpar->sample_rate = avpriv_mpa_freq_tab[cfg.sampling_index];
A negative sample rate doesn't make sense and triggers assertions in av_rescale_rnd. Also check for errors from avpriv_mpeg4audio_get_config in ff_mp4_read_dec_config_descr. Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com> --- libavcodec/mpeg4audio.c | 5 +++++ libavformat/isom.c | 6 ++++-- 2 files changed, 9 insertions(+), 2 deletions(-)