From 4c53f4aed3edfa58360c7a2a468782eae31d3176 Mon Sep 17 00:00:00 2001
From: Justin Ruggles <justin.ruggles@gmail.com>
Date: Tue, 23 Oct 2012 00:40:51 -0400
Subject: shorten: validate that the channel count in the header is not <= 0

---
 libavcodec/shorten.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libavcodec/shorten.c')

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 1664a907ae..be2b8e20e9 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -342,7 +342,7 @@ static int read_header(ShortenContext *s)
     s->internal_ftype = get_uint(s, TYPESIZE);
 
     s->channels = get_uint(s, CHANSIZE);
-    if (s->channels > MAX_CHANNELS) {
+    if (s->channels <= 0 || s->channels > MAX_CHANNELS) {
         av_log(s->avctx, AV_LOG_ERROR, "too many channels: %d\n", s->channels);
         return -1;
     }
-- 
cgit v1.2.3