Mercurial > libavformat.hg

diff mov.c @ 5035:e743de5125cd libavformat

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
check atom size against edit_count to avoid very long loop
author bcoudurier
date Mon, 15 Jun 2009 02:07:41 +0000
parents 702bfee61683
children 33a244b7ca65
line wrap: on
line diff
--- a/mov.c	Mon Jun 15 01:41:59 2009 +0000
+++ b/mov.c	Mon Jun 15 02:07:41 2009 +0000
@@ -1831,6 +1831,9 @@
     get_be24(pb); /* flags */
     edit_count = get_be32(pb); /* entries */
 
+    if((uint64_t)edit_count*12+8 > atom.size)
+        return -1;
+
     for(i=0; i<edit_count; i++){
         int time;
         int duration = get_be32(pb); /* Track duration */