aboutsummaryrefslogtreecommitdiffstats
path: root/libavformat
diff options
context:
space:
mode:
authorBaptiste Coudurier <baptiste.coudurier@gmail.com>2010-09-08 20:20:24 +0000
committerBaptiste Coudurier <baptiste.coudurier@gmail.com>2010-09-08 20:20:24 +0000
commit0e7d436d924a42ef6e8ab628a1f10d72801d1395 (patch)
treea86c7a0c3e9c5790abd3e77531fdf5e0eb52953e /libavformat
parent9044dd83991491309ecb76c389502e410897d7d2 (diff)
downloadffmpeg-0e7d436d924a42ef6e8ab628a1f10d72801d1395.tar.gz
Check dref size based on a patch by google
Originally committed as revision 25081 to svn://svn.ffmpeg.org/ffmpeg/trunk
Diffstat (limited to 'libavformat')
-rw-r--r--libavformat/mov.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 1657c2ac99..fdf297096e 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -345,6 +345,9 @@ static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
uint32_t size = get_be32(pb);
int64_t next = url_ftell(pb) + size - 4;
+ if (size < 12)
+ return -1;
+
dref->type = get_le32(pb);
get_be32(pb); // version + flags
dprintf(c->fc, "type %.4s size %d\n", (char*)&dref->type, size);