aacpsy: avoid psy_band->threshold becoming NaN

If band->thr is 0.0f, the division is undefined, making norm_fac not a
number or infinity, which causes psy_band->threshold to become NaN.

This is passed on to other variables until it finally reaches
sce->sf_idx and is converted to an integer (-2147483648).

This causes a segmentation fault when it is used as array index.

Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Reviewed-by: Claudio Freire <klaussfreire@gmail.com>
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

diff --git a/libavcodec/aacpsy.c b/libavcodec/aacpsy.c
index d1e65f660754f523298e63cf3a06690e2385f8b6..7205ee3bdb8ee91b11311ae3de5e1cddb8619120 100644 (file)
--- a/libavcodec/aacpsy.c
+++ b/libavcodec/aacpsy.c
@@ -727,7 +727,10 @@ static void psy_3gpp_analyze_channel(FFPsyContext *ctx, int channel,
                     if (active_lines > 0.0f)
                         band->thr = calc_reduced_thr_3gpp(band, coeffs[g].min_snr, reduction);
                     pe += calc_pe_3gpp(band);
-                    band->norm_fac = band->active_lines / band->thr;
+                    if (band->thr > 0.0f)
+                        band->norm_fac = band->active_lines / band->thr;
+                    else
+                        band->norm_fac = 0.0f;
                     norm_fac += band->norm_fac;
                 }
             }