Description: fix denial of service via malformed APE file Origin: upstream, http://git.videolan.org/?p=ffmpeg.git;a=commit;h=18c5fe919f4b1818ebdf405812c5a2d16174688f Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628448 diff -Nur ffmpeg-0.6/libavformat/ape.c ffmpeg-0.6.new/libavformat/ape.c --- ffmpeg-0.6/libavformat/ape.c 2010-04-03 10:15:00.000000000 -0400 +++ ffmpeg-0.6.new/libavformat/ape.c 2011-09-16 09:32:19.786352149 -0400 @@ -242,6 +242,10 @@ url_fskip(pb, ape->wavheaderlength); } + if(!ape->totalframes){ + av_log(s, AV_LOG_ERROR, "No frames in the file!\n"); + return AVERROR(EINVAL); + } if(ape->totalframes > UINT_MAX / sizeof(APEFrame)){ av_log(s, AV_LOG_ERROR, "Too many frames: %d\n", ape->totalframes); return -1;