This avoids divisions by zero later (and possibly assertions in time base scaling), since an invalid rate_flag combined with an invalid bitrate below could pass the mode combination test.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind CC: [email protected] --- libavformat/vqf.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavformat/vqf.c b/libavformat/vqf.c index ab1042a..162c753 100644 --- a/libavformat/vqf.c +++ b/libavformat/vqf.c @@ -174,6 +174,10 @@ static int vqf_read_header(AVFormatContext *s) st->codec->sample_rate = 11025; break; default: + if (rate_flag < 8 || rate_flag > 44) { + av_log(s, AV_LOG_ERROR, "Invalid rate flag %d\n", rate_flag); + return AVERROR_INVALIDDATA; + } st->codec->sample_rate = rate_flag*1000; break; } -- 1.7.9.4 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
