flvdec: Check for overflow before allocating arrays

On allocation, the array length is multiplied by sizeof(int64_t), this prevents the multiplication from overflowing. Signed-off-by: Martin Storsjö <martin@martin.st>
author: Michael Niedermayer <michaelni@gmx.at> 2011-09-24 18:57:31 +0300
committer: Martin Storsjö <martin@martin.st> 2011-09-25 12:55:21 +0300
commit: a246cefa75aed2ade315d6d09068aacb6b0fe76b (patch)
tree: 579b25eeb857a30869b7fac7543071984c713c06 /libavformat
parent: 9b921a8272cfcf5168a03042a6d84091cd33ee7b (diff)
download: ffmpeg-a246cefa75aed2ade315d6d09068aacb6b0fe76b.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c
index 474c4d8658..ad00c65e25 100644
--- a/libavformat/flvdec.c
+++ b/libavformat/flvdec.c
@@ -161,6 +161,9 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, AVStream
             break;
 
         arraylen = avio_rb32(ioc);
+        if (arraylen >> 28)
+            break;
+
         /*
          * Expect only 'times' or 'filepositions' sub-arrays in other case refuse to use such metadata
          * for indexing
author	Michael Niedermayer <michaelni@gmx.at>	2011-09-24 18:57:31 +0300
committer	Martin Storsjö <martin@martin.st>	2011-09-25 12:55:21 +0300
commit	a246cefa75aed2ade315d6d09068aacb6b0fe76b (patch)
tree	579b25eeb857a30869b7fac7543071984c713c06 /libavformat
parent	9b921a8272cfcf5168a03042a6d84091cd33ee7b (diff)
download	ffmpeg-a246cefa75aed2ade315d6d09068aacb6b0fe76b.tar.gz