From 568e18b15e2ddf494fd8926707d34ca08c8edce5 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 8 Jan 2005 14:21:33 +0000
Subject: integer overflows, heap corruption possible arbitrary code execution
 cannot be ruled out in some cases precautionary checks

Originally committed as revision 3813 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/segafilm.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'libavformat/segafilm.c')

diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c
index 9e94de1..3f752a1 100644
--- a/libavformat/segafilm.c
+++ b/libavformat/segafilm.c
@@ -171,6 +171,8 @@ static int film_read_header(AVFormatContext *s,
         return AVERROR_INVALIDDATA;
     film->base_clock = BE_32(&scratch[8]);
     film->sample_count = BE_32(&scratch[12]);
+    if(film->sample_count >= UINT_MAX / sizeof(film_sample_t))
+        return -1;
     film->sample_table = av_malloc(film->sample_count * sizeof(film_sample_t));
     
     for(i=0; i<s->nb_streams; i++)
-- 
cgit v1.1