# HG changeset patch
# User bcoudurier
# Date 1203943559 0
# Node ID 099c8f03c62e0f23e5192115e551ea0798f26288
# Parent  507565d7d6114f350fd5040fc96bf15c209fa838
protect malloc overflow

diff -r 507565d7d611 -r 099c8f03c62e mov.c
--- a/mov.c	Mon Feb 25 12:44:15 2008 +0000
+++ b/mov.c	Mon Feb 25 12:45:59 2008 +0000
@@ -291,6 +291,8 @@
         len = mp4_read_descr(c, pb, &tag);
         if (tag == MP4DecSpecificDescrTag) {
             dprintf(c->fc, "Specific MPEG4 header len=%d\n", len);
+            if((uint64_t)len > (1<<30))
+                return -1;
             st->codec->extradata = av_mallocz(len + FF_INPUT_BUFFER_PADDING_SIZE);
             if (!st->codec->extradata)
                 return AVERROR(ENOMEM);