avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fecb3e82a4ba09dc11a51ad0961ab491881a53a1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
author: Michael Niedermayer <michael@niedermayer.cc> 2016-10-21 19:45:21 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> 2016-11-26 15:12:25 +0100
commit: b9ab4db9f935a00611bad89b7c0330283c2468e4 (patch)
tree: a3c4f766b9bfd9724bc935d771b7d7549ebf712f
parent: 8328c07fb13b06c2b737785b109e7808cbbe2930 (diff)
download: ffmpeg-b9ab4db9f935a00611bad89b7c0330283c2468e4.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 2c18549f57..4ec2756e83 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -826,7 +826,7 @@ static inline int mxf_read_utf16_string(AVIOContext *pb, int size, char** str, i
     int ret;
     size_t buf_size;
 
-    if (size < 0)
+    if (size < 0 || size > INT_MAX/2)
         return AVERROR(EINVAL);
 
     buf_size = size + size / 2 + 1;
author	Michael Niedermayer <michael@niedermayer.cc>	2016-10-21 19:45:21 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	2016-11-26 15:12:25 +0100
commit	b9ab4db9f935a00611bad89b7c0330283c2468e4 (patch)
tree	a3c4f766b9bfd9724bc935d771b7d7549ebf712f
parent	8328c07fb13b06c2b737785b109e7808cbbe2930 (diff)
download	ffmpeg-b9ab4db9f935a00611bad89b7c0330283c2468e4.tar.gz