Mercurial > libavformat.hg

diff sierravmd.c @ 1079:40e81416015d libavformat

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
sanity checks some might have been exploitable
author michael
date Sat, 13 May 2006 11:37:56 +0000
parents 409b399440a3
children d89d7ef290da
line wrap: on
line diff
--- a/sierravmd.c	Fri May 12 15:13:51 2006 +0000
+++ b/sierravmd.c	Sat May 13 11:37:56 2006 +0000
@@ -196,6 +196,10 @@
     vmd->frame_table = NULL;
     raw_frame_table_size = vmd->frame_count * 6;
     raw_frame_table = av_malloc(raw_frame_table_size);
+    if(vmd->frame_count * vmd->frames_per_block  >= UINT_MAX / sizeof(vmd_frame_t)){
+        av_log(s, AV_LOG_ERROR, "vmd->frame_count * vmd->frames_per_block too large\n");
+        return -1;
+    }
     vmd->frame_table = av_malloc(vmd->frame_count * vmd->frames_per_block * sizeof(vmd_frame_t));
     if (!raw_frame_table || !vmd->frame_table) {
         av_free(raw_frame_table);