diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2011-09-24 18:57:31 +0300 |
|---|---|---|
| committer | Martin Storsjö <martin@martin.st> | 2011-09-25 12:55:21 +0300 |
| commit | a246cefa75aed2ade315d6d09068aacb6b0fe76b (patch) | |
| tree | 579b25eeb857a30869b7fac7543071984c713c06 /libavformat/flvdec.c | |
| parent | 9b921a8272cfcf5168a03042a6d84091cd33ee7b (diff) | |
flvdec: Check for overflow before allocating arrays
On allocation, the array length is multiplied by sizeof(int64_t),
this prevents the multiplication from overflowing.
Signed-off-by: Martin Storsjö <martin@martin.st>
Diffstat (limited to 'libavformat/flvdec.c')
| -rw-r--r-- | libavformat/flvdec.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 474c4d8658..ad00c65e25 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -161,6 +161,9 @@ static int parse_keyframes_index(AVFormatContext *s, AVIOContext *ioc, AVStream break; arraylen = avio_rb32(ioc); + if (arraylen >> 28) + break; + /* * Expect only 'times' or 'filepositions' sub-arrays in other case refuse to use such metadata * for indexing |