virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

check entries against field_size, potential malloc overflow in read_stsz, fix #1357

Browse Source 
Originally committed as revision 19793 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Baptiste Coudurier 2009-09-07 22:42:51 +00:00
parent 1c4bf2ec37
commit e4bc8af1e6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavformat/mov.c
View File

@ -1256,7 +1256,7 @@ static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
return -1; return -1;
} }
if(entries >= UINT_MAX / sizeof(int)) if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size)
return -1; return -1;
sc->sample_sizes = av_malloc(entries * sizeof(int)); sc->sample_sizes = av_malloc(entries * sizeof(int));
if (!sc->sample_sizes) if (!sc->sample_sizes)