From 568e18b15e2ddf494fd8926707d34ca08c8edce5 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 8 Jan 2005 14:21:33 +0000
Subject: integer overflows, heap corruption possible arbitrary code execution
 cannot be ruled out in some cases precautionary checks

Originally committed as revision 3813 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/nsvdec.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'libavformat/nsvdec.c')

diff --git a/libavformat/nsvdec.c b/libavformat/nsvdec.c
index f3831d7f39..555a71a2ed 100644
--- a/libavformat/nsvdec.c
+++ b/libavformat/nsvdec.c
@@ -365,6 +365,8 @@ static int nsv_parse_NSVf_header(AVFormatContext *s, AVFormatParameters *ap)
 
     if (table_entries_used > 0) {
         nsv->index_entries = table_entries_used;
+        if((unsigned)table_entries >= UINT_MAX / sizeof(uint32_t))
+            return -1;
         nsv->nsvf_index_data = av_malloc(table_entries * sizeof(uint32_t));
         get_buffer(pb, nsv->nsvf_index_data, table_entries * sizeof(uint32_t));
     }
-- 
cgit v1.2.1