# HG changeset patch
# User reimar
# Date 1127820073 0
# Node ID 9574fb378080c6b54f8566a2556a530f9f67019f
# Parent  744c3d53b670f2a70fb90631a19470d940fb6d25
Sanity-check codecdata_len, fixes crash in libfaad due to failed malloc for
http://images.apple.com/movies/us/hd_gallery/gl1800/480p/the_brothers_grimm_m480pa.mov

diff -r 744c3d53b670 -r 9574fb378080 libmpdemux/demux_mov.c
--- a/libmpdemux/demux_mov.c	Tue Sep 27 10:44:21 2005 +0000
+++ b/libmpdemux/demux_mov.c	Tue Sep 27 11:21:13 2005 +0000
@@ -662,6 +662,7 @@
 //      32  char[4]	atom type (fourc charater code -> esds)		
 //      36  char[]  	atom data (len=size-8)
 
+// TODO: fix parsing for files using version 2.
 		trak->samplebytes=sh->samplesize=char2short(trak->stdata,18)/8;
 		trak->nchannels=sh->channels=char2short(trak->stdata,16);
 		/*printf("MOV: timescale: %d samplerate: %d durmap: %d (%d) -> %d (%d)\n",
@@ -711,8 +712,10 @@
 			    sh->codecdata = (unsigned char *)malloc(sh->codecdata_len);
 			    memcpy(sh->codecdata, &trak->stdata[52+char2int(trak->stdata,52)], sh->codecdata_len);
 		    } else {
+		      if (len > 8 && len + 44 < trak->stdata_len) {
 		    sh->codecdata_len = len-8;
 		    sh->codecdata = trak->stdata+44+8;
+		      }
 		    }
 		  }
 		}