# HG changeset patch # User bcoudurier # Date 1252363371 0 # Node ID 3d4203b9c2d7f1117e3f021bc8f932fe40585df7 # Parent 99c46fe0b8a03a6d2feb79c2dc8188c48114a8b3 check entries against field_size, potential malloc overflow in read_stsz, fix #1357 diff -r 99c46fe0b8a0 -r 3d4203b9c2d7 mov.c --- a/mov.c Mon Sep 07 22:36:33 2009 +0000 +++ b/mov.c Mon Sep 07 22:42:51 2009 +0000 @@ -1256,7 +1256,7 @@ return -1; } - if(entries >= UINT_MAX / sizeof(int)) + if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size) return -1; sc->sample_sizes = av_malloc(entries * sizeof(int)); if (!sc->sample_sizes)
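Review bot: The added term in the `if` condition, `entries >= (UINT_MAX - 4) / field_size`, divides by `field_size` and relies on an unexplained constant 4. The division is only safe if `field_size` is guaranteed non-zero at this point. The leading context shows an earlier `return -1` path but not what it validates, so please confirm that it rejects a zero `field_size`, or add that check before this line. The only allocation visible in the hunk is `av_malloc(entries * sizeof(int))`, which the first term already covers, so a short comment naming the later expression that the `- 4` bound protects would make the guard auditable and keep the two in sync if that expression changes.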