# HG changeset patch # User bcoudurier # Date 1245031661 0 # Node ID e743de5125cdbfa4612bc2fd71bf75c93777c2f3 # Parent b9f35b2c4859373e8626e8939a2cc2b904e3d1d3 check atom size against edit_count to avoid very long loop diff -r b9f35b2c4859 -r e743de5125cd mov.c --- a/mov.c Mon Jun 15 01:41:59 2009 +0000 +++ b/mov.c Mon Jun 15 02:07:41 2009 +0000 @@ -1831,6 +1831,9 @@ get_be24(pb); /* flags */ edit_count = get_be32(pb); /* entries */ + if((uint64_t)edit_count*12+8 > atom.size) + return -1; + for(i=0; i
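Review bot: The new bound `(uint64_t)edit_count*12+8 > atom.size` in the hunk at line 1831 of mov.c uses the constants 12 and 8 without saying what they are. A short comment naming them (presumably the per-entry size and the fixed bytes ahead of the entries) would let a reader confirm the bound matches what the loop that follows actually reads. The cast to `uint64_t` before the multiply is the right call, since it keeps a 32-bit `edit_count` times 12 from wrapping. The comparison still depends on the type of `atom.size`, which is not visible in this hunk: if it is signed, it is converted to unsigned here and a negative size would pass the check, so it is worth confirming that it is either unsigned or validated earlier. The bare `return -1;` also rejects the file without any message. Logging the offending `edit_count` and `atom.size` before returning would make a malformed or truncated input diagnosable.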