From 169c1cfa928040b83f2ac8386333ec5e5cff3df7 Mon Sep 17 00:00:00 2001
From: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
Date: Thu, 15 Dec 2016 02:14:54 +0100
Subject: pvfdec: prevent overflow during block alignment calculation

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun@googlemail.com>
---
 libavformat/pvfdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'libavformat')

diff --git a/libavformat/pvfdec.c b/libavformat/pvfdec.c
index b9f6d4f2c2..c6652b9b43 100644
--- a/libavformat/pvfdec.c
+++ b/libavformat/pvfdec.c
@@ -19,6 +19,7 @@
  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
  */
 
+#include "libavcodec/internal.h"
 #include "avformat.h"
 #include "internal.h"
 #include "pcm.h"
@@ -44,7 +45,8 @@ static int pvf_read_header(AVFormatContext *s)
                &bps) != 3)
         return AVERROR_INVALIDDATA;
 
-    if (channels <= 0 || bps <= 0 || sample_rate <= 0)
+    if (channels <= 0 || channels > FF_SANE_NB_CHANNELS ||
+        bps <= 0 || bps > INT_MAX / FF_SANE_NB_CHANNELS || sample_rate <= 0)
         return AVERROR_INVALIDDATA;
 
     st = avformat_new_stream(s, NULL);
-- 
cgit v1.2.3