From 852859ff7cd29a926a9a7e811d77192b61a6956e Mon Sep 17 00:00:00 2001 From: Baptiste Coudurier Date: Mon, 25 Feb 2008 12:45:59 +0000 Subject: [PATCH] protect malloc overflow Originally committed as revision 12208 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavformat/mov.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/mov.c b/libavformat/mov.c index b03c44c176..f5a7bbf06e 100644 --- a/libavformat/mov.c +++ b/libavformat/mov.c @@ -291,6 +291,8 @@ static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom) len = mp4_read_descr(c, pb, &tag); if (tag == MP4DecSpecificDescrTag) { dprintf(c->fc, "Specific MPEG4 header len=%d\n", len); + if((uint64_t)len > (1<<30)) + return -1; st->codec->extradata = av_mallocz(len + FF_INPUT_BUFFER_PADDING_SIZE); if (!st->codec->extradata) return AVERROR(ENOMEM);