From 8668957ef604bd2b99175310638bc5031ae0d991 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Sun, 9 Feb 2025 01:28:17 +0100
Subject: [PATCH] avformat/iff: Check that we have a stream in read_dst_frame()

Fixes: null pointer dereference
Fixes: 385644864/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-4551049565765632

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Reviewed-by: Peter Ross <pross@xvid.org>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/iff.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/iff.c b/libavformat/iff.c
index 38f90dd81c..7142a06e98 100644
--- a/libavformat/iff.c
+++ b/libavformat/iff.c
@@ -364,6 +364,9 @@ static int read_dst_frame(AVFormatContext *s, AVPacket *pkt)
     uint64_t chunk_pos, data_pos, data_size;
     int ret = AVERROR_EOF;
 
+    if (s->nb_streams < 1)
+        return AVERROR_INVALIDDATA;
+
     while (!avio_feof(pb)) {
         chunk_pos = avio_tell(pb);
         if (chunk_pos >= iff->body_end)