protect malloc overflow

Originally committed as revision 12208 to svn://svn.ffmpeg.org/ffmpeg/trunk

protect malloc overflow
Originally committed as revision 12208 to svn://svn.ffmpeg.org/ffmpeg/trunk
852859ff · Baptiste Coudurier · 17871a02 · 852859ff
Commit 852859ff authored Feb 25, 2008 by Baptiste Coudurier
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

mov.c libavformat/mov.c +2 -0

No files found.
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -291,6 +291,8 @@ static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
        len = mp4_read_descr(c, pb, &tag);
        if (tag == MP4DecSpecificDescrTag) {
            dprintf(c->fc, "Specific MPEG4 header len=%d\n", len);
+            if((uint64_t)len > (1<<30))
+                return -1;
            st->codec->extradata = av_mallocz(len + FF_INPUT_BUFFER_PADDING_SIZE);
            if (!st->codec->extradata)
                return AVERROR(ENOMEM);