[FFmpeg-cvslog] mvi: Add sanity checking for the audio frame size

[Martin Storsjö]

ffmpeg | branch: release/1.1 | Martin Storsjö <martin at martin.st> | Sat Sep 28 23:26:18 2013 +0300| [04d2f9ace3fb6e880f3488770fc5a39de5b63cbb] | committer: Luca Barbato

mvi: Add sanity checking for the audio frame size

This avoids a division by zero.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit 28ff439efd2362fb21e1a78610737f2e26a72d8f)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=04d2f9ace3fb6e880f3488770fc5a39de5b63cbb
---

 libavformat/mvi.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavformat/mvi.c b/libavformat/mvi.c
index 10ec8bb..65096f1 100644
--- a/libavformat/mvi.c
+++ b/libavformat/mvi.c
@@ -93,6 +93,12 @@ static int read_header(AVFormatContext *s)
     mvi->get_int = (vst->codec->width * vst->codec->height < (1 << 16)) ? avio_rl16 : avio_rl24;
 
     mvi->audio_frame_size   = ((uint64_t)mvi->audio_data_size << MVI_FRAC_BITS) / frames_count;
+    if (mvi->audio_frame_size <= 1 << MVI_FRAC_BITS - 1) {
+        av_log(s, AV_LOG_ERROR, "Invalid audio_data_size (%d) or frames_count (%d)\n",
+               mvi->audio_data_size, frames_count);
+        return AVERROR_INVALIDDATA;
+    }
+
     mvi->audio_size_counter = (ast->codec->sample_rate * 830 / mvi->audio_frame_size - 1) * mvi->audio_frame_size;
     mvi->audio_size_left    = mvi->audio_data_size;