From ce1fd73d637a34551161fd8054ce3d410631982c Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Thu, 8 May 2025 23:10:52 +0200
Subject: [PATCH] avformat/iff: Check nb_channels == 0 in MHDR

Fixes: division by 0
Fixes: 395163171/clusterfuzz-testcase-minimized-ffmpeg_dem_IFF_fuzzer-542604339373670

Reviewed-by: Peter Ross <pross@xvid.org>
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/iff.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/iff.c b/libavformat/iff.c
index 7142a06e98..9402be48c9 100644
--- a/libavformat/iff.c
+++ b/libavformat/iff.c
@@ -510,6 +510,8 @@ static int iff_read_header(AVFormatContext *s)
                 sta->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_MONO;
             else if (sta->codecpar->ch_layout.nb_channels == 2)
                 sta->codecpar->ch_layout = (AVChannelLayout)AV_CHANNEL_LAYOUT_STEREO;
+            else if (sta->codecpar->ch_layout.nb_channels == 0)
+                return AVERROR_INVALIDDATA;
             break;
 
         case ID_ABIT: