Mercurial > libavformat.hg

diff wc3movie.c @ 639:0b52743104ac libavformat

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
integer overflows, heap corruption possible arbitrary code execution cannot be ruled out in some cases precautionary checks
author michael
date Sat, 08 Jan 2005 14:21:33 +0000
parents 0fdc96c2f2fe
children 253b5292946a
line wrap: on
line diff
--- a/wc3movie.c	Thu Jan 06 00:54:03 2005 +0000
+++ b/wc3movie.c	Sat Jan 08 14:21:33 2005 +0000
@@ -169,6 +169,8 @@
             if ((ret = get_buffer(pb, preamble, 4)) != 4)
                 return AVERROR_IO;
             wc3->palette_count = LE_32(&preamble[0]);
+            if((unsigned)wc3->palette_count >= UINT_MAX / PALETTE_SIZE)
+                return -1;
             wc3->palettes = av_malloc(wc3->palette_count * PALETTE_SIZE);
             break;