check entries against field_size, potential malloc overflow in read_stsz, fix #1357

git-svn-id: file:///var/local/repositories/ffmpeg/trunk@19793 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

check entries against field_size, potential malloc overflow in read_stsz, fix #1357
git-svn-id: file:///var/local/repositories/ffmpeg/trunk@19793 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
59a7d76f · bcoudurier · b6017446 · 59a7d76f
Commit 59a7d76f authored Sep 07, 2009 by bcoudurier
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

libavformat/mov.c libavformat/mov.c +1 -1

No files found.
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1256,7 +1256,7 @@ static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
        return -1;
    }
-    if(entries >= UINT_MAX / sizeof(int))
+    if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size)
        return -1;
    sc->sample_sizes = av_malloc(entries * sizeof(int));
    if (!sc->sample_sizes)