From 852859ff7cd29a926a9a7e811d77192b61a6956e Mon Sep 17 00:00:00 2001
From: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Date: Mon, 25 Feb 2008 12:45:59 +0000
Subject: [PATCH] protect malloc overflow

Originally committed as revision 12208 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/mov.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/mov.c b/libavformat/mov.c
index b03c44c176e..f5a7bbf06e4 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -291,6 +291,8 @@ static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
         len = mp4_read_descr(c, pb, &tag);
         if (tag == MP4DecSpecificDescrTag) {
             dprintf(c->fc, "Specific MPEG4 header len=%d\n", len);
+            if((uint64_t)len > (1<<30))
+                return -1;
             st->codec->extradata = av_mallocz(len + FF_INPUT_BUFFER_PADDING_SIZE);
             if (!st->codec->extradata)
                 return AVERROR(ENOMEM);
-- 
GitLab