From daf21a984e724a9705afa7df893e0bd2e865be3b Mon Sep 17 00:00:00 2001
From: ShashankPathmudi <146080254+ShashankPathmudi@users.noreply.github.com>
Date: Fri, 22 Dec 2023 19:03:04 +0530
Subject: [PATCH] Fix for divide-by-zero in ixheaacd_mps_frame_decode (#71)

These changes handle the divide-by-zero runtime error reported
while calculating the inverse of difference between consecutive
parameter time slot.

Bug: ossFuzz:65191
Test: poc in bug
---
 decoder/ixheaacd_mps_parse.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/decoder/ixheaacd_mps_parse.c b/decoder/ixheaacd_mps_parse.c
index 83ffdf3..d7191a1 100644
--- a/decoder/ixheaacd_mps_parse.c
+++ b/decoder/ixheaacd_mps_parse.c
@@ -1304,7 +1304,8 @@ IA_ERRORCODE ixheaacd_mps_frame_decode(ia_mps_dec_state_struct *self) {
       (WORD32)floor(self->inv_param_slot_diff[0] * 1073741824 + 0.5);
   for (i = 1; i < self->num_parameter_sets; i++) {
     self->param_slot_diff[i] = self->param_slots[i] - self->param_slots[i - 1];
-    if (MAX_TIME_SLOTS < (self->param_slot_diff[0] + self->param_slot_diff[i])) {
+    if ((MAX_TIME_SLOTS < (self->param_slot_diff[0] + self->param_slot_diff[i])) ||
+        (self->param_slot_diff[i] == 0)) {
       if (self->ec_flag == 0) {
         return -1;
       } else {