From 7f09791d28c82c9169d1612a6192851837341ca9 Mon Sep 17 00:00:00 2001
From: Oana Stratulat <oanaandreeastratulat@gmail.com>
Date: Thu, 5 Jan 2012 01:08:05 +0200
Subject: Report an error if pitch_lag is zero in AMR-NB decoder.

This fixes an infinite loop in the decoder on specially
crafted files, and fixes bug 151.

Signed-off-by: Ronald S. Bultje <rsbultje@gmail.com>
---
 libavcodec/amrnbdec.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'libavcodec/amrnbdec.c')

diff --git a/libavcodec/amrnbdec.c b/libavcodec/amrnbdec.c
index 926014f83c..fff0e7248a 100644
--- a/libavcodec/amrnbdec.c
+++ b/libavcodec/amrnbdec.c
@@ -977,6 +977,10 @@ static int amrnb_decode_frame(AVCodecContext *avctx, void *data,
 
         pitch_sharpening(p, subframe, p->cur_frame_mode, &fixed_sparse);
 
+        if (fixed_sparse.pitch_lag == 0) {
+            av_log(avctx, AV_LOG_ERROR, "The file is corrupted, pitch_lag = 0 is not allowed\n");
+            return AVERROR_INVALIDDATA;
+        }
         ff_set_fixed_vector(p->fixed_vector, &fixed_sparse, 1.0,
                             AMR_SUBFRAME_SIZE);
 
-- 
cgit v1.2.3