From a443a2530d00b7019269202ac0f5ca8ba0a021c7 Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 13 May 2006 11:37:56 +0000 Subject: sanity checks some might have been exploitable Originally committed as revision 5370 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavformat/sierravmd.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'libavformat/sierravmd.c') diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c index fa1730931a..fd75fc8d76 100644 --- a/libavformat/sierravmd.c +++ b/libavformat/sierravmd.c @@ -196,6 +196,10 @@ static int vmd_read_header(AVFormatContext *s, vmd->frame_table = NULL; raw_frame_table_size = vmd->frame_count * 6; raw_frame_table = av_malloc(raw_frame_table_size); + if(vmd->frame_count * vmd->frames_per_block >= UINT_MAX / sizeof(vmd_frame_t)){ + av_log(s, AV_LOG_ERROR, "vmd->frame_count * vmd->frames_per_block too large\n"); + return -1; + } vmd->frame_table = av_malloc(vmd->frame_count * vmd->frames_per_block * sizeof(vmd_frame_t)); if (!raw_frame_table || !vmd->frame_table) { av_free(raw_frame_table); -- cgit v1.2.3