dsicin: Add some basic sanity checks for fields read from the file

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>

diff --git a/libavformat/dsicin.c b/libavformat/dsicin.c
index ecc8c0b6af320e260e3e4eff15c2218a34dbf6d6..6a7c8b948acc41ba305f2fb6e4bfad77ad292e4e 100644 (file)
--- a/libavformat/dsicin.c
+++ b/libavformat/dsicin.c
@@ -154,6 +154,8 @@ static int cin_read_frame_header(CinDemuxContext *cin, AVIOContext *pb) {
 
     if (avio_rl32(pb) != 0xAA55AA55)
         return AVERROR_INVALIDDATA;
+    if (hdr->video_frame_size < 0 || hdr->audio_frame_size < 0)
+        return AVERROR_INVALIDDATA;
 
     return 0;
 }