[FFmpeg-cvslog] dcstr: fix division by zero

[Andreas Cadhalpun]

ffmpeg | branch: release/3.0 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Thu Oct 20 20:13:54 2016 +0200| [e8ab2bd2ac85ad0b1013f247d35032b7cd7f771e] | committer: Andreas Cadhalpun

dcstr: fix division by zero

Also check for possible overflows.

Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit b0a043f51b8cc3b420dc3ceaa38fe9aa344799aa)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e8ab2bd2ac85ad0b1013f247d35032b7cd7f771e
---

 libavformat/dcstr.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c
index 2ae61de..e9714e5 100644
--- a/libavformat/dcstr.c
+++ b/libavformat/dcstr.c
@@ -33,6 +33,7 @@ static int dcstr_probe(AVProbeData *p)
 static int dcstr_read_header(AVFormatContext *s)
 {
     unsigned codec, align;
+    int mult;
     AVStream *st;
 
     st = avformat_new_stream(s, NULL);
@@ -46,7 +47,12 @@ static int dcstr_read_header(AVFormatContext *s)
     align                  = avio_rl32(s->pb);
     avio_skip(s->pb, 4);
     st->duration           = avio_rl32(s->pb);
-    st->codec->channels   *= avio_rl32(s->pb);
+    mult                   = avio_rl32(s->pb);
+    if (st->codec->channels <= 0 || mult <= 0 || mult > INT_MAX / st->codec->channels) {
+        av_log(s, AV_LOG_ERROR, "invalid number of channels %d x %d\n", st->codec->channels, mult);
+        return AVERROR_INVALIDDATA;
+    }
+    st->codec->channels *= mult;
     if (!align || align > INT_MAX / st->codec->channels)
         return AVERROR_INVALIDDATA;
     st->codec->block_align = align * st->codec->channels;