From ea2a3222feb36139ec3a927427904d803f97e358 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 8 May 2025 23:10:52 +0200
Subject: [PATCH] avformat/iff: Check nb_channels == 0 in MHDR

Fixes: division by 0
Fixes: 395163171/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-542604339373670

Reviewed-by: Peter Ross <pross@xvid.org>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit ce1fd73d637a34551161fd8054ce3d410631982c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/iff.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/iff.c b/libavformat/iff.c
index 1061f9757e..dac33fef21 100644
--- a/libavformat/iff.c
+++ b/libavformat/iff.c
@@ -495,6 +495,8 @@ static int iff_read_header(AVFormatContext *s)
                 st->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO;
             else if (st->codecpar->ch_layout.nb_channels == 2)
                 st->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_STEREO;
+            else if (st->codecpar->ch_layout.nb_channels == 0)
+                return AVERROR_INVALIDDATA;
             break;
 
         case ID_ABIT: