check entries against field_size, potential malloc overflow in read_stsz, fix #1357

Originally committed as revision 19793 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Baptiste Coudurier <baptiste.coudurier@gmail.com> 2009-09-07 22:42:51 +0000
committer: Baptiste Coudurier <baptiste.coudurier@gmail.com> 2009-09-07 22:42:51 +0000
commit: e4bc8af1e687efb2a2c41a469ac7b31f1c3d48cd (patch)
tree: 2bcd042dc6c7ddddd974065de1142cd1f3a97740 /libavformat/mov.c
parent: 1c4bf2ec37b296474e9cac8298722609633e5848 (diff)
download: ffmpeg-e4bc8af1e687efb2a2c41a469ac7b31f1c3d48cd.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 5f11ebe711..05fdfa3336 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1256,7 +1256,7 @@ static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
         return -1;
     }
 
-    if(entries >= UINT_MAX / sizeof(int))
+    if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size)
         return -1;
     sc->sample_sizes = av_malloc(entries * sizeof(int));
     if (!sc->sample_sizes)
author	Baptiste Coudurier <baptiste.coudurier@gmail.com>	2009-09-07 22:42:51 +0000
committer	Baptiste Coudurier <baptiste.coudurier@gmail.com>	2009-09-07 22:42:51 +0000
commit	e4bc8af1e687efb2a2c41a469ac7b31f1c3d48cd (patch)
tree	2bcd042dc6c7ddddd974065de1142cd1f3a97740 /libavformat/mov.c
parent	1c4bf2ec37b296474e9cac8298722609633e5848 (diff)
download	ffmpeg-e4bc8af1e687efb2a2c41a469ac7b31f1c3d48cd.tar.gz