From f40ec70478648c1e6cde43b8577c3c29380372ee Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 29 Jul 2015 13:34:50 +0200
Subject: avformat/wavdec: Check for data_size overflow

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/wavdec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavformat/wavdec.c b/libavformat/wavdec.c
index db42f59826..1803b5cdaf 100644
--- a/libavformat/wavdec.c
+++ b/libavformat/wavdec.c
@@ -429,6 +429,11 @@ break_loop:
 
     avio_seek(pb, data_ofs, SEEK_SET);
 
+    if (data_size > (INT64_MAX>>3)) {
+        av_log(s, AV_LOG_WARNING, "Data size %"PRId64" is too large\n", data_size);
+        data_size = 0;
+    }
+
     if (   data_size > 0 && sample_count && st->codec->channels
         && (data_size << 3) / sample_count / st->codec->channels > st->codec->bits_per_coded_sample) {
         av_log(s, AV_LOG_WARNING, "ignoring wrong sample_count %"PRId64"\n", sample_count);
-- 
cgit v1.2.3