summaryrefslogtreecommitdiff
path: root/libavformat/matroskadec.c
diff options
context:
space:
mode:
Diffstat (limited to 'libavformat/matroskadec.c')
-rw-r--r--libavformat/matroskadec.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c
index 439ee462a5..8c4ff30935 100644
--- a/libavformat/matroskadec.c
+++ b/libavformat/matroskadec.c
@@ -110,6 +110,7 @@ typedef const struct EbmlSyntax {
typedef struct EbmlList {
int nb_elem;
+ unsigned int alloc_elem_size;
void *elem;
} EbmlList;
@@ -1236,8 +1237,13 @@ static int ebml_parse(MatroskaDemuxContext *matroska,
data = (char *) data + syntax->data_offset;
if (syntax->list_elem_size) {
EbmlList *list = data;
- void *newelem = av_realloc_array(list->elem, list->nb_elem + 1,
- syntax->list_elem_size);
+ void *newelem;
+
+ if ((unsigned)list->nb_elem + 1 >= UINT_MAX / syntax->list_elem_size)
+ return AVERROR(ENOMEM);
+ newelem = av_fast_realloc(list->elem,
+ &list->alloc_elem_size,
+ (list->nb_elem + 1) * syntax->list_elem_size);
if (!newelem)
return AVERROR(ENOMEM);
list->elem = newelem;
@@ -1490,6 +1496,7 @@ static void ebml_free(EbmlSyntax *syntax, void *data)
ebml_free(syntax[i].def.n, ptr);
av_freep(&list->elem);
list->nb_elem = 0;
+ list->alloc_elem_size = 0;
} else
ebml_free(syntax[i].def.n, data_off);
default:
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-22 02:58:54 +0000