x264: Check memory allocation

[ffmpeg] / libavformat / vqf.c

diff --git a/libavformat/vqf.c b/libavformat/vqf.c
index ab1042aa29568ad4c057fc1732f93195f4107fb1..c04ffe74ee506506cc5b672ff8aab45563a6671f 100644 (file)
--- a/libavformat/vqf.c
+++ b/libavformat/vqf.c
@@ -174,10 +174,21 @@ static int vqf_read_header(AVFormatContext *s)
         st->codec->sample_rate = 11025;
         break;
     default:
+        if (rate_flag < 8 || rate_flag > 44) {
+            av_log(s, AV_LOG_ERROR, "Invalid rate flag %d\n", rate_flag);
+            return AVERROR_INVALIDDATA;
+        }
         st->codec->sample_rate = rate_flag*1000;
         break;
     }
 
+    if (read_bitrate / st->codec->channels <  8 ||
+        read_bitrate / st->codec->channels > 48) {
+        av_log(s, AV_LOG_ERROR, "Invalid bitrate per channel %d\n",
+               read_bitrate / st->codec->channels);
+        return AVERROR_INVALIDDATA;
+    }
+
     switch (((st->codec->sample_rate/1000) << 8) +
             read_bitrate/st->codec->channels) {
     case (11<<8) + 8 :
@@ -261,7 +272,7 @@ static int vqf_read_seek(AVFormatContext *s,
     st->cur_dts = av_rescale(pos, st->time_base.den,
                              st->codec->bit_rate * (int64_t)st->time_base.num);
 
-    if ((ret = avio_seek(s->pb, ((pos-7) >> 3) + s->data_offset, SEEK_SET)) < 0)
+    if ((ret = avio_seek(s->pb, ((pos-7) >> 3) + s->internal->data_offset, SEEK_SET)) < 0)
         return ret;
 
     c->remaining_bits = -7 - ((pos-7)&7);