diff options
| author | Baptiste Coudurier <baptiste.coudurier@gmail.com> | 2008-02-25 12:45:59 +0000 |
|---|---|---|
| committer | Baptiste Coudurier <baptiste.coudurier@gmail.com> | 2008-02-25 12:45:59 +0000 |
| commit | 852859ff7cd29a926a9a7e811d77192b61a6956e (patch) | |
| tree | 8993d7110d527d254ffb551463fdb9e8bcfc8ce6 | |
| parent | 17871a02ad65dfeed33ece65fb774998056ed5c2 (diff) | |
| download | ffmpeg-852859ff7cd29a926a9a7e811d77192b61a6956e.tar.gz | |
protect malloc overflow
Originally committed as revision 12208 to svn://svn.ffmpeg.org/ffmpeg/trunk
| -rw-r--r-- | libavformat/mov.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c index b03c44c176..f5a7bbf06e 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -291,6 +291,8 @@ static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom) len = mp4_read_descr(c, pb, &tag); if (tag == MP4DecSpecificDescrTag) { dprintf(c->fc, "Specific MPEG4 header len=%d\n", len); + if((uint64_t)len > (1<<30)) + return -1; st->codec->extradata = av_mallocz(len + FF_INPUT_BUFFER_PADDING_SIZE); if (!st->codec->extradata) return AVERROR(ENOMEM); |