From 9ee0cd2190cabcc5b9f92c4d64da9ef28d60022d Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 3 Nov 2023 00:33:41 +0100
Subject: [PATCH] avformat/lafdec: Check for 0 parameters

Fixes: Timeout
Fixes: 63661/clusterfuzz-testcase-minimized-ffmpeg_dem_LAF_fuzzer-6615365234589696

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Sean McGovern <gseanmcg@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 4fb9d946883ba8a3e21a9e756aa27349e6e22cef)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/lafdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/lafdec.c b/libavformat/lafdec.c
index 59a59dcfe9..b867f106ae 100644
--- a/libavformat/lafdec.c
+++ b/libavformat/lafdec.c
@@ -139,7 +139,9 @@ static int laf_read_header(AVFormatContext *ctx)
     s->index = 0;
     s->stored_index = 0;
     s->bpp = bpp;
-    if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX)
+    if ((int64_t)bpp * st_count * (int64_t)sample_rate >= INT32_MAX ||
+        (int64_t)bpp * st_count * (int64_t)sample_rate == 0
+    )
         return AVERROR_INVALIDDATA;
     s->data = av_calloc(st_count * sample_rate, bpp);
     if (!s->data)