From: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Date: Mon, 25 Feb 2008 12:45:59 +0000 (+0000)
Subject: protect malloc overflow
X-Git-Tag: v0.5~5748
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=852859ff7cd29a926a9a7e811d77192b61a6956e;p=platform%2Fupstream%2Flibav.git

protect malloc overflow

Originally committed as revision 12208 to svn://svn.ffmpeg.org/ffmpeg/trunk
---

diff --git a/libavformat/mov.c b/libavformat/mov.c
index b03c44c..f5a7bbf 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -291,6 +291,8 @@ static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
         len = mp4_read_descr(c, pb, &tag);
         if (tag == MP4DecSpecificDescrTag) {
             dprintf(c->fc, "Specific MPEG4 header len=%d\n", len);
+            if((uint64_t)len > (1<<30))
+                return -1;
             st->codec->extradata = av_mallocz(len + FF_INPUT_BUFFER_PADDING_SIZE);
             if (!st->codec->extradata)
                 return AVERROR(ENOMEM);