X-Git-Url: https://git.sesse.net/?a=blobdiff_plain;f=libavformat%2Fgenh.c;h=698104a9d61974b1917092cb0775b4b5e48b1469;hb=0181162bb54ce62ec212436a12d059726d8cd1df;hp=dd4e76d3d95f2e67dfa28c18476e6aa68c5f4252;hpb=94346ab593f3fc0822f11d3e3f378f9944ad2d40;p=ffmpeg

diff --git a/libavformat/genh.c b/libavformat/genh.c
index dd4e76d3d95..698104a9d61 100644
--- a/libavformat/genh.c
+++ b/libavformat/genh.c
@@ -29,7 +29,7 @@ typedef struct GENHDemuxContext {
     unsigned interleave_size;
 } GENHDemuxContext;
 
-static int genh_probe(AVProbeData *p)
+static int genh_probe(const AVProbeData *p)
 {
     if (AV_RL32(p->buf) != MKTAG('G','E','N','H'))
         return 0;
@@ -87,7 +87,9 @@ static int genh_read_header(AVFormatContext *s)
     case  5: st->codecpar->codec_id = st->codecpar->block_align > 0 ?
                                    AV_CODEC_ID_PCM_S8_PLANAR :
                                    AV_CODEC_ID_PCM_S8;           break;
-    case  6: st->codecpar->codec_id = AV_CODEC_ID_SDX2_DPCM;        break;
+    case  6: if (st->codecpar->block_align > INT_MAX/1024)
+                 return AVERROR_INVALIDDATA;
+             st->codecpar->codec_id = AV_CODEC_ID_SDX2_DPCM;        break;
     case  7: ret = ff_alloc_extradata(st->codecpar, 2);
              if (ret < 0)
                  return ret;
@@ -144,6 +146,9 @@ static int genh_read_header(AVFormatContext *s)
         }
     }
 
+    if (st->codecpar->block_align <= 0)
+        return AVERROR_INVALIDDATA;
+
     avio_skip(s->pb, start_offset - avio_tell(s->pb));
 
     avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);