diff nsvdec.c @ 639:0b52743104ac libavformat
integer overflows, heap corruption
possible arbitrary code execution cannot be ruled out in some cases
precautionary checks
author | michael |
---|---|
date | Sat, 08 Jan 2005 14:21:33 +0000 |
parents | 3d516cb458e6 |
children | 095009fc2f35 |
--- a/nsvdec.c Thu Jan 06 00:54:03 2005 +0000
+++ b/nsvdec.c Sat Jan 08 14:21:33 2005 +0000
@@ -365,6 +365,8 @@
 if (table_entries_used > 0) {
 nsv->index_entries = table_entries_used;
+ if((unsigned)table_entries >= UINT_MAX / sizeof(uint32_t))
+ return -1;
 nsv->nsvf_index_data = av_malloc(table_entries * sizeof(uint32_t));
 get_buffer(pb, nsv->nsvf_index_data, table_entries * sizeof(uint32_t));
 }
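Review bot: The result of `av_malloc` is still used unchecked on the line after the new guard, so a large but in-range `table_entries` read from the file that fails to allocate lets `get_buffer` write through a NULL pointer; add `if (!nsv->nsvf_index_data) return -1;` directly after the allocation. The new early return also runs after `nsv->index_entries = table_entries_used;`, which leaves a non-zero entry count with no index buffer behind it, so it would be safer to assign `index_entries` only once the allocation has succeeded. Separately, the buffer is sized by `table_entries` while the stored count is `table_entries_used`; if later code indexes the buffer by `index_entries`, a check that `table_entries_used <= table_entries` looks necessary, though that code is not visible here. The enclosing function starts and ends outside the hunk.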