mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2024-12-11 17:55:21 +00:00
check entries against field_size, potential malloc overflow in read_stsz, fix #1357
Originally committed as revision 19793 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
parent
1c4bf2ec37
commit
e4bc8af1e6
@ -1256,7 +1256,7 @@ static int mov_read_stsz(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
|
||||
return -1;
|
||||
}
|
||||
|
||||
if(entries >= UINT_MAX / sizeof(int))
|
||||
if (entries >= UINT_MAX / sizeof(int) || entries >= (UINT_MAX - 4) / field_size)
|
||||
return -1;
|
||||
sc->sample_sizes = av_malloc(entries * sizeof(int));
|
||||
if (!sc->sample_sizes)
|
||||
|
Loading…
Reference in New Issue
Block a user