[FFmpeg-cvslog] r19793 - trunk/libavformat/mov.c
bcoudurier
subversion
Tue Sep 8 00:42:51 CEST 2009
Author: bcoudurier
Date: Tue Sep 8 00:42:51 2009
New Revision: 19793
Log:
check entries against field_size, potential malloc overflow in read_stsz, fix #1357
Modified:
trunk/libavformat/mov.c
Modified: trunk/libavformat/mov.c
==============================================================================
--- trunk/libavformat/mov.c Tue Sep 8 00:36:33 2009 (r19792)
+++ trunk/libavformat/mov.c Tue Sep 8 00:42:51 2009 (r19793)
@@ -1256,7 +1256,7 @@ static int mov_read_stsz(MOVContext *c,
return -1;
}
- if(entries >= UINT_MAX / sizeof(int))
+ if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size)
return -1;
sc->sample_sizes = av_malloc(entries * sizeof(int));
if (!sc->sample_sizes)
More information about the ffmpeg-cvslog
mailing list