From 0e7d436d924a42ef6e8ab628a1f10d72801d1395 Mon Sep 17 00:00:00 2001
From: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Date: Wed, 8 Sep 2010 20:20:24 +0000
Subject: [PATCH] Check dref size based on a patch by google

Originally committed as revision 25081 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/mov.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index 1657c2ac999..fdf297096e0 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -345,6 +345,9 @@ static int mov_read_dref(MOVContext *c, ByteIOContext *pb, MOVAtom atom)
         uint32_t size = get_be32(pb);
         int64_t next = url_ftell(pb) + size - 4;
 
+        if (size < 12)
+            return -1;
+
         dref->type = get_le32(pb);
         get_be32(pb); // version + flags
         dprintf(c->fc, "type %.4s size %d\n", (char*)&dref->type, size);
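Review bot: The added `if (size < 12)` guard bounds the entry size only from below, so a file-supplied size larger than what is left of the enclosing dref atom still passes and goes into `next = url_ftell(pb) + size - 4` two lines earlier. The rest of mov_read_dref is outside this hunk, so how `next` and `size` are used afterwards is not visible here. If the loop later seeks to `next` or derives read lengths from `size`, the guard should also have an upper bound, for example `if (size < 12 || size > atom.size) return -1;`, assuming `atom.size` holds the payload length of the dref atom. The constant 12 also deserves a comment such as `/* entry header: size + type + version/flags, 4 bytes each */`, which ties it to the three 32-bit reads visible in this hunk.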
-- 
GitLab