[FFmpeg-cvslog] r19793 - trunk/libavformat/mov.c

bcoudurier subversion
Tue Sep 8 00:42:51 CEST 2009


Author: bcoudurier
Date: Tue Sep  8 00:42:51 2009
New Revision: 19793

Log:
check entries against field_size, potential malloc overflow in read_stsz, fix #1357

Modified:
   trunk/libavformat/mov.c

Modified: trunk/libavformat/mov.c
==============================================================================
--- trunk/libavformat/mov.c	Tue Sep  8 00:36:33 2009	(r19792)
+++ trunk/libavformat/mov.c	Tue Sep  8 00:42:51 2009	(r19793)
@@ -1256,7 +1256,7 @@ static int mov_read_stsz(MOVContext *c, 
         return -1;
     }
 
-    if(entries >= UINT_MAX / sizeof(int))
+    if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size)
         return -1;
     sc->sample_sizes = av_malloc(entries * sizeof(int));
     if (!sc->sample_sizes)



More information about the ffmpeg-cvslog mailing list