[FFmpeg-cvslog] mvi: Add sanity checking for the audio frame size

[Martin Storsjö]

ffmpeg | branch: master | Martin Storsjö <martin at martin.st> | Sat Sep 28 23:26:18 2013 +0300| [28ff439efd2362fb21e1a78610737f2e26a72d8f] | committer: Martin Storsjö

mvi: Add sanity checking for the audio frame size

This avoids a division by zero.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=28ff439efd2362fb21e1a78610737f2e26a72d8f
---

 libavformat/mvi.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/mvi.c b/libavformat/mvi.c
index 7fb163b..69b0aed 100644
--- a/libavformat/mvi.c
+++ b/libavformat/mvi.c
@@ -94,6 +94,12 @@ static int read_header(AVFormatContext *s)
     mvi->get_int = (vst->codec->width * vst->codec->height < (1 << 16)) ? avio_rl16 : avio_rl24;
 
     mvi->audio_frame_size   = ((uint64_t)mvi->audio_data_size << MVI_FRAC_BITS) / frames_count;
+    if (mvi->audio_frame_size <= 1 << MVI_FRAC_BITS - 1) {
+        av_log(s, AV_LOG_ERROR, "Invalid audio_data_size (%d) or frames_count (%d)\n",
+               mvi->audio_data_size, frames_count);
+        return AVERROR_INVALIDDATA;
+    }
+
     mvi->audio_size_counter = (ast->codec->sample_rate * 830 / mvi->audio_frame_size - 1) * mvi->audio_frame_size;
     mvi->audio_size_left    = mvi->audio_data_size;