# HG changeset patch
# User bcoudurier
# Date 1252363371 0
# Node ID 3d4203b9c2d7f1117e3f021bc8f932fe40585df7
# Parent  99c46fe0b8a03a6d2feb79c2dc8188c48114a8b3
check entries against field_size, potential malloc overflow in read_stsz, fix #1357

diff -r 99c46fe0b8a0 -r 3d4203b9c2d7 mov.c
--- a/mov.c	Mon Sep 07 22:36:33 2009 +0000
+++ b/mov.c	Mon Sep 07 22:42:51 2009 +0000
@@ -1256,7 +1256,7 @@
         return -1;
     }
 
-    if(entries >= UINT_MAX / sizeof(int))
+    if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size)
         return -1;
     sc->sample_sizes = av_malloc(entries * sizeof(int));
     if (!sc->sample_sizes)