Mercurial > libavformat.hg

diff nsvdec.c @ 639:0b52743104ac libavformat

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
integer overflows, heap corruption possible arbitrary code execution cannot be ruled out in some cases precautionary checks
author michael
date Sat, 08 Jan 2005 14:21:33 +0000
parents 3d516cb458e6
children 095009fc2f35
line wrap: on
line diff
--- a/nsvdec.c	Thu Jan 06 00:54:03 2005 +0000
+++ b/nsvdec.c	Sat Jan 08 14:21:33 2005 +0000
@@ -365,6 +365,8 @@
 
     if (table_entries_used > 0) {
         nsv->index_entries = table_entries_used;
+        if((unsigned)table_entries >= UINT_MAX / sizeof(uint32_t))
+            return -1;
         nsv->nsvf_index_data = av_malloc(table_entries * sizeof(uint32_t));
         get_buffer(pb, nsv->nsvf_index_data, table_entries * sizeof(uint32_t));
     }