| Message ID | 1380406879-6174-1-git-send-email-martin@martin.st |
|---|---|
| State | Committed |
| Commit | 9277050e2918e0a0df9689721a188a604d886616 |
| Headers | show |
On Sun, Sep 29, 2013 at 01:21:03AM +0300, Martin Storsjö wrote: > This avoids divisions by zero later (and possibly assertions in > time base scaling), since an invalid rate_flag combined with an > invalid bitrate below could pass the mode combination test. > > Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind > CC: libav-stable@libav.org > --- > libavformat/vqf.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libavformat/vqf.c b/libavformat/vqf.c > index ab1042a..162c753 100644 > --- a/libavformat/vqf.c > +++ b/libavformat/vqf.c > @@ -174,6 +174,10 @@ static int vqf_read_header(AVFormatContext *s) > st->codec->sample_rate = 11025; > break; > default: > + if (rate_flag < 8 || rate_flag > 44) { > + av_log(s, AV_LOG_ERROR, "Invalid rate flag %d\n", rate_flag); > + return AVERROR_INVALIDDATA; > + } > st->codec->sample_rate = rate_flag*1000; > break; > } > -- looks OK
diff --git a/libavformat/vqf.c b/libavformat/vqf.c index ab1042a..162c753 100644 --- a/libavformat/vqf.c +++ b/libavformat/vqf.c @@ -174,6 +174,10 @@ static int vqf_read_header(AVFormatContext *s) st->codec->sample_rate = 11025; break; default: + if (rate_flag < 8 || rate_flag > 44) { + av_log(s, AV_LOG_ERROR, "Invalid rate flag %d\n", rate_flag); + return AVERROR_INVALIDDATA; + } st->codec->sample_rate = rate_flag*1000; break; }