From b5d294eab05456251e777ca6262b6ebcd936c298 Mon Sep 17 00:00:00 2001
From: Wim Taymans <wtaymans@redhat.com>
Date: Fri, 8 May 2026 17:12:54 +0200
Subject: [PATCH] dfffile: handle invalid channels and rate

Missing or malformed headers could cause unspecified channels or rate
that can cause crashes.
---
 src/tools/dfffile.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/tools/dfffile.c b/src/tools/dfffile.c
index c77b26adb..35722174e 100644
--- a/src/tools/dfffile.c
+++ b/src/tools/dfffile.c
@@ -186,6 +186,8 @@ static int read_FRM8(struct dff_file *f)
 			break;
 		case FOURCC('D', 'S', 'D', ' '):
 		{
+			if (f->info.channels == 0)
+				return -EINVAL;
 			f->info.length = c[1].size;
 			f->info.samples = c[1].size / f->info.channels;
 			f->info.lsb = 0;
@@ -221,6 +223,11 @@ static int open_read(struct dff_file *f, const char *filename, struct dff_file_i
 	if ((res = read_FRM8(f)) < 0)
 		goto exit_close;
 
+	if (f->info.channels == 0 || f->info.rate == 0) {
+		res = -EINVAL;
+		goto exit_close;
+	}
+
 	f->blocksize = BLOCKSIZE * f->info.channels;
 	f->buffer = calloc(1, f->blocksize);
 	if (f->buffer == NULL) {