The film_write_packet() function reads encoded_buf_size from packet data via AV_RB24() and uses it in a modulo operation without validation. When the data contains zeros at this position, it causes division by zero.
Add validation to return AVERROR_INVALIDDATA when encoded_buf_size is zero. Signed-off-by: Shubin123 <[email protected]> --- libavformat/segafilmenc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/segafilmenc.c b/libavformat/segafilmenc.c index 88a5b9f972..2206ff9033 100644 --- a/libavformat/segafilmenc.c +++ b/libavformat/segafilmenc.c @@ -58,6 +58,10 @@ static int film_write_packet(AVFormatContext *format_context, AVPacket *pkt) if (codec_id == AV_CODEC_ID_CINEPAK) { encoded_buf_size = AV_RB24(&pkt->data[1]); /* Already Sega Cinepak, so no need to reformat the packets */ + if (encoded_buf_size == 0) { + av_log(format_context, AV_LOG_ERROR, "Invalid encoded_buf_size 0\n"); + return AVERROR_INVALIDDATA; + } if (encoded_buf_size != pkt->size && (pkt->size % encoded_buf_size) != 0) { avio_write(pb, pkt->data, pkt->size); } else { -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
