From a3d3a580263df01d69977d1b6042c0f71965b168 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Kacper=20Michaj=C5=82ow?=
Date: Sat, 11 May 2024 13:34:32 +0200
Subject: [PATCH] avformat/rpl: reject invalid sample rate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes overflow check for bit_rate multiplication few lines below. Found by OSS-Fuzz.
Signed-off-by: Kacper Michajłow
Signed-off-by: Michael Niedermayer
---
 libavformat/rpl.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/libavformat/rpl.c b/libavformat/rpl.c
index 09d0b68f74..32a762b60a 100644
--- a/libavformat/rpl.c
+++ b/libavformat/rpl.c
@@ -202,6 +202,8 @@ static int rpl_read_header(AVFormatContext *s)
 ast->codecpar->codec_type = AVMEDIA_TYPE_AUDIO;
 ast->codecpar->codec_tag = audio_format;
 ast->codecpar->sample_rate = read_line_and_int(pb, &error); // audio bitrate
+ if (ast->codecpar->sample_rate < 0)
+ return AVERROR_INVALIDDATA;
 channels = read_line_and_int(pb, &error); // number of audio channels
 error |= read_line(pb, line, sizeof(line));
 ast->codecpar->bits_per_coded_sample = read_int(line, &endptr, &error); // audio bits per sample
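Review bot: `channels`, read two lines below the new check by the same `read_line_and_int()` call, is left unvalidated, so the guard covers only one operand of the bit_rate computation the commit message refers to. That multiplication lies outside the hunk; if it also uses `channels` (likely, but not visible here), a negative value from a malformed header would presumably defeat the overflow check in the same way, and `if (channels < 0) return AVERROR_INVALIDDATA;` right after the read would close that. A short comment on the new check, e.g. `// negative values would defeat the bit_rate overflow check below`, would also record why the sign matters, since the existing `// audio bitrate` comment on the sample_rate line does not. rpl_read_header's body begins and ends outside the hunk.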