pvfdec: prevent overflow during block alignment calculation
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Thu, 15 Dec 2016 01:14:54 +0000 (02:14 +0100)
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Sun, 29 Jan 2017 00:20:52 +0000 (01:20 +0100)
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
libavformat/pvfdec.c

index b9f6d4f..c6652b9 100644 (file)
@@ -19,6 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#include "libavcodec/internal.h"
 #include "avformat.h"
 #include "internal.h"
 #include "pcm.h"
@@ -44,7 +45,8 @@ static int pvf_read_header(AVFormatContext *s)
                &bps) != 3)
         return AVERROR_INVALIDDATA;
 
-    if (channels <= 0 || bps <= 0 || sample_rate <= 0)
+    if (channels <= 0 || channels > FF_SANE_NB_CHANNELS ||
+        bps <= 0 || bps > INT_MAX / FF_SANE_NB_CHANNELS || sample_rate <= 0)
         return AVERROR_INVALIDDATA;
 
     st = avformat_new_stream(s, NULL);