dcstr: fix division by zero

Also check for possible overflows.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>

diff --git a/libavformat/dcstr.c b/libavformat/dcstr.c
index 69fae41..6035dd4 100644 (file)
--- a/libavformat/dcstr.c
+++ b/libavformat/dcstr.c
@@ -33,6 +33,7 @@ static int dcstr_probe(AVProbeData *p)
 static int dcstr_read_header(AVFormatContext *s)
 {
     unsigned codec, align;
+    int mult;
     AVStream *st;
 
     st = avformat_new_stream(s, NULL);
@@ -46,7 +47,12 @@ static int dcstr_read_header(AVFormatContext *s)
     align                  = avio_rl32(s->pb);
     avio_skip(s->pb, 4);
     st->duration           = avio_rl32(s->pb);
-    st->codecpar->channels   *= avio_rl32(s->pb);
+    mult                   = avio_rl32(s->pb);
+    if (st->codecpar->channels <= 0 || mult <= 0 || mult > INT_MAX / st->codecpar->channels) {
+        av_log(s, AV_LOG_ERROR, "invalid number of channels %d x %d\n", st->codecpar->channels, mult);
+        return AVERROR_INVALIDDATA;
+    }
+    st->codecpar->channels *= mult;
     if (!align || align > INT_MAX / st->codecpar->channels)
         return AVERROR_INVALIDDATA;
     st->codecpar->block_align = align * st->codecpar->channels;