flvdec: Check for overflow before allocating arrays

On allocation, the array length is multiplied by sizeof(int64_t), this prevents the multiplication from overflowing. Signed-off-by: Martin Storsjö <martin@martin.st>

flvdec: Check for overflow before allocating arrays
On allocation, the array length is multiplied by sizeof(int64_t), this prevents the multiplication from overflowing. Signed-off-by: Martin Storsjö <martin@martin.st>
a246cefa · Michael Niedermayer · Martin Storsjö · 9b921a82 · a246cefa
Commit a246cefa authored Sep 24, 2011 by Michael Niedermayer Committed by Martin Storsjö Sep 25, 2011
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

flvdec.c libavformat/flvdec.c +3 -0

No files found.
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -161,6 +161,9 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, AVStream
            break;
        arraylen = avio_rb32(ioc);
+        if (arraylen >> 28)
+            break;
        /*
         * Expect only 'times' or 'filepositions' sub-arrays in other case refuse to use such metadata
         * for indexing