epafdec: prevent overflow during block alignment calculation
authorAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Fri, 6 Jan 2017 19:31:21 +0000 (20:31 +0100)
committerAndreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Mon, 30 Jan 2017 00:40:48 +0000 (01:40 +0100)
Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
libavformat/epafdec.c

index 29190ff..0cd9627 100644 (file)
@@ -20,6 +20,7 @@
  */
 
 #include "libavutil/intreadwrite.h"
+#include "libavcodec/internal.h"
 #include "avformat.h"
 #include "internal.h"
 #include "pcm.h"
@@ -59,7 +60,7 @@ static int epaf_read_header(AVFormatContext *s)
         channels    = avio_rb32(s->pb);
     }
 
-    if (!channels || !sample_rate)
+    if (channels <= 0 || channels > FF_SANE_NB_CHANNELS || sample_rate <= 0)
         return AVERROR_INVALIDDATA;
 
     st = avformat_new_stream(s, NULL);