[11/11] r3d: Add more input value validation

Message ID 1379599756-27062-11-git-send-email-martin@martin.st
State Committed
Commit d8798276b65543d921adadf63cc7f5ba2d1604af
Headers show

Commit Message

Martin Storsjö Sept. 19, 2013, 2:09 p.m.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
---
 libavformat/r3d.c |    6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Luca Barbato Sept. 19, 2013, 2:23 p.m. | #1
On 19/09/13 16:09, Martin Storsjö wrote:
> Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> CC: libav-stable@libav.org
> ---
>  libavformat/r3d.c |    6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
> 

Ok.

Patch

diff --git a/libavformat/r3d.c b/libavformat/r3d.c
index 1da8b88..74a1f2b 100644
--- a/libavformat/r3d.c
+++ b/libavformat/r3d.c
@@ -85,7 +85,7 @@  static int r3d_read_red1(AVFormatContext *s)
 
     framerate.num = avio_rb16(s->pb);
     framerate.den = avio_rb16(s->pb);
-    if (framerate.num && framerate.den) {
+    if (framerate.num > 0 && framerate.den > 0) {
         st->avg_frame_rate = framerate;
     }
 
@@ -281,6 +281,10 @@  static int r3d_read_reda(AVFormatContext *s, AVPacket *pkt, Atom *atom)
     dts = avio_rb32(s->pb);
 
     st->codec->sample_rate = avio_rb32(s->pb);
+    if (st->codec->sample_rate <= 0) {
+        av_log(s, AV_LOG_ERROR, "Bad sample rate\n");
+        return AVERROR_INVALIDDATA;
+    }
 
     samples = avio_rb32(s->pb);