flvdec: Check for overflow before allocating arrays

On allocation, the array length is multiplied by sizeof(int64_t),
this prevents the multiplication from overflowing.

Signed-off-by: Martin Storsjö <martin@martin.st>
(cherry picked from commit a246cefa75)

Signed-off-by: Reinhard Tartler <siretart@tauware.de>

libavformat/flvdec.c

@@ -147,6 +147,9 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, AVStream
             break;
 
         arraylen = avio_rb32(ioc);
+        if (arraylen >> 28)
+            break;
+
         /*
          * Expect only 'times' or 'filepositions' sub-arrays in other case refuse to use such metadata
          * for indexing