From 0009457dc09739685ee192c90d6691e1663c8b9c Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Sun, 23 Oct 2016 16:05:01 +0200
Subject: [PATCH] ffmdec: validate sample_rate

A negative sample rate doesn't make sense and triggers assertions in
av_rescale_rnd.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/ffmdec.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/libavformat/ffmdec.c b/libavformat/ffmdec.c
index 16ba8ecf58e..6b09be24562 100644
--- a/libavformat/ffmdec.c
+++ b/libavformat/ffmdec.c
@@ -432,6 +432,11 @@ static int ffm2_read_header(AVFormatContext *s)
                 goto fail;
             }
             codec->sample_rate = avio_rb32(pb);
+            if (codec->sample_rate <= 0) {
+                av_log(s, AV_LOG_ERROR, "Invalid sample rate %d\n", codec->sample_rate);
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
             codec->channels = avio_rl16(pb);
             codec->frame_size = avio_rl16(pb);
             break;
@@ -628,6 +633,10 @@ static int ffm_read_header(AVFormatContext *s)
             break;
         case AVMEDIA_TYPE_AUDIO:
             codec->sample_rate = avio_rb32(pb);
+            if (codec->sample_rate <= 0) {
+                av_log(s, AV_LOG_ERROR, "Invalid sample rate %d\n", codec->sample_rate);
+                goto fail;
+            }
             codec->channels = avio_rl16(pb);
             codec->frame_size = avio_rl16(pb);
             break;
-- 
GitLab