From 5b47c19bfda92273ae49e83db26a565afcaed80a Mon Sep 17 00:00:00 2001
From: Luca Barbato <lu_zero@gentoo.org>
Date: Sun, 24 Feb 2013 12:30:30 +0100
Subject: [PATCH] vorbisdec: Add missing checks

Rate and order must not be 0 even if the specification does not say that
explicitly.
---
 libavcodec/vorbisdec.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c
index 9200ca0d0ac..7575ee41819 100644
--- a/libavcodec/vorbisdec.c
+++ b/libavcodec/vorbisdec.c
@@ -584,7 +584,17 @@ static int vorbis_parse_setup_hdr_floors(vorbis_context *vc)
             floor_setup->decode = vorbis_floor0_decode;
 
             floor_setup->data.t0.order          = get_bits(gb,  8);
+            if (!floor_setup->data.t0.order) {
+                av_log(vc->avccontext, AV_LOG_ERROR,
+                       "Floor 0 order is 0.\n");
+                return AVERROR_INVALIDDATA;
+            }
             floor_setup->data.t0.rate           = get_bits(gb, 16);
+            if (!floor_setup->data.t0.rate) {
+                av_log(vc->avccontext, AV_LOG_ERROR,
+                       "Floor 0 rate is 0.\n");
+                return AVERROR_INVALIDDATA;
+            }
             floor_setup->data.t0.bark_map_size  = get_bits(gb, 16);
             if (!floor_setup->data.t0.bark_map_size) {
                 av_log(vc->avccontext, AV_LOG_ERROR,
-- 
GitLab