From 5a76224c8826b3b7719a97e47ac9d2120a0fc419 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Mon, 26 Oct 2020 20:55:31 +0100
Subject: [PATCH] avformat/aiffdec: Check packet size

Fixes: Fixes infinite loop
Fixes: 26575/clusterfuzz-testcase-minimized-ffmpeg_dem_AIFF_fuzzer-5727522236661760
Signed-off-by: Michael Niedermayer
(cherry picked from commit 0ba71a72d3a617b255b71988a000d5093222f779)
Signed-off-by: Michael Niedermayer
---
 libavformat/aiffdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/aiffdec.c b/libavformat/aiffdec.c
index 7c701e0c70..413ae54748 100644
--- a/libavformat/aiffdec.c
+++ b/libavformat/aiffdec.c
@@ -398,6 +398,8 @@ static int aiff_read_packet(AVFormatContext *s,
 break;
 default:
 size = st->codecpar->block_align ? (MAX_SIZE / st->codecpar->block_align) * st->codecpar->block_align : MAX_SIZE;
+ if (!size)
+ return AVERROR_INVALIDDATA;
 }
 size = FFMIN(max_size, size);
 res = av_get_packet(s->pb, pkt, size);
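Review bot: The zero-size guard sits only inside the `default:` branch, so it catches a `block_align` larger than `MAX_SIZE` (where the integer division rounds to zero) but not the case labels that end in the `break;` above it. Those labels lie outside the hunk; if any of them also takes `size` from the file-controlled `block_align`, a zero or negative value could still reach `av_get_packet()`. A single check placed after the switch's closing brace and before `FFMIN`, `if (size <= 0) return AVERROR_INVALIDDATA;`, would cover every branch. The check would also benefit from a short comment explaining why zero is possible, for example `/* block_align > MAX_SIZE makes the rounded size 0 */`. The body of `aiff_read_packet` starts and ends outside the hunk, so the earlier branches and the handling of `max_size` should be confirmed against the full function.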