changeset 5165:3d4203b9c2d7 libavformat

check entries against field_size, potential malloc overflow in read_stsz, fix #1357
author bcoudurier
date Mon, 07 Sep 2009 22:42:51 +0000
parents 99c46fe0b8a0
children 1258b5879021
files mov.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
--- a/mov.c	Mon Sep 07 22:36:33 2009 +0000
+++ b/mov.c	Mon Sep 07 22:42:51 2009 +0000
@@ -1256,7 +1256,7 @@
         return -1;
     }
 
-    if(entries >= UINT_MAX / sizeof(int))
+    if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size)
         return -1;
     sc->sample_sizes = av_malloc(entries * sizeof(int));
     if (!sc->sample_sizes)
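Review bot: The second bound added to the `if` line divides by `field_size` and subtracts a bare `4`, and nothing in the hunk shows where `field_size` is validated or which later size computation the `4` mirrors. If `field_size` comes from the file, the division is only safe once a zero value has been rejected; the `return -1;` just above may be that check, but it starts outside the hunk and should be confirmed. I would add a comment above the test, for example `/* bound entries so neither entries * sizeof(int) nor the field_size-based buffer size can wrap */`, so that neither limit is later dropped as redundant. The enclosing function begins and ends outside the hunk, so the buffer computation this presumably protects is not visible here.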