[FFmpeg-devel] [PATCH 07/12] mpeg4audio: validate sample_rate

[Andreas Cadhalpun]

A negative sample rate doesn't make sense and triggers assertions in
av_rescale_rnd.

Also check for errors from avpriv_mpeg4audio_get_config in
ff_mp4_read_dec_config_descr.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
 libavcodec/mpeg4audio.c | 5 +++++
 libavformat/isom.c      | 6 ++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/libavcodec/mpeg4audio.c b/libavcodec/mpeg4audio.c
index 188d843..01c374f 100644
--- a/libavcodec/mpeg4audio.c
+++ b/libavcodec/mpeg4audio.c
@@ -42,6 +42,11 @@ static int parse_config_ALS(GetBitContext *gb, MPEG4AudioConfig *c)
     // which are buggy in old ALS conformance files
     c->sample_rate = get_bits_long(gb, 32);
 
+    if (c->sample_rate <= 0) {
+        av_log(NULL, AV_LOG_ERROR, "Invalid sample rate %d\n", c->sample_rate);
+        return AVERROR_INVALIDDATA;
+    }
+
     // skip number of samples
     skip_bits_long(gb, 32);
 
diff --git a/libavformat/isom.c b/libavformat/isom.c
index cb457dd..88f8605 100644
--- a/libavformat/isom.c
+++ b/libavformat/isom.c
@@ -508,8 +508,10 @@ int ff_mp4_read_dec_config_descr(AVFormatContext *fc, AVStream *st, AVIOContext
             return ret;
         if (st->codecpar->codec_id == AV_CODEC_ID_AAC) {
             MPEG4AudioConfig cfg = {0};
-            avpriv_mpeg4audio_get_config(&cfg, st->codecpar->extradata,
-                                         st->codecpar->extradata_size * 8, 1);
+            ret = avpriv_mpeg4audio_get_config(&cfg, st->codecpar->extradata,
+                                               st->codecpar->extradata_size * 8, 1);
+            if (ret < 0)
+                return ret;
             st->codecpar->channels = cfg.channels;
             if (cfg.object_type == 29 && cfg.sampling_index < 3) // old mp3on4
                 st->codecpar->sample_rate = avpriv_mpa_freq_tab[cfg.sampling_index];
-- 
2.9.3