CVE-2016-3062
authorDebian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Tue, 14 Jun 2016 12:13:25 +0000 (12:13 +0000)
committerChris Lamb <lamby@debian.org>
Tue, 14 Jun 2016 12:13:25 +0000 (12:13 +0000)
Gbp-Pq: Name CVE-2016-3062.patch

libavformat/mov.c

index a1de6526a04e7c13fa130d55cd0be929143039fd..4e636e7b157a9f24ec74bf6ad1148c58298d0d81 100644 (file)
@@ -387,8 +387,10 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 
     avio_rb32(pb); // version + flags
     entries = avio_rb32(pb);
-    if (entries >= UINT_MAX / sizeof(*sc->drefs))
+    if (!entries ||
+        entries >= UINT_MAX / sizeof(*sc->drefs))
         return AVERROR_INVALIDDATA;
+    sc->drefs_count = 0;
     sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));
     if (!sc->drefs)
         return AVERROR(ENOMEM);
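Review bot: The assignment `sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));` overwrites the pointer without releasing any earlier array, so a file carrying a second dref atom for the same stream would leak the previous allocation; the added `sc->drefs_count = 0;` suggests such re-entry is expected. Putting `av_freep(&sc->drefs);` next to the count reset would keep the pointer and the count consistent on every path, including the `AVERROR(ENOMEM)` return. If entries of the old array own heap-allocated fields (not visible in this hunk), they would need to be freed in a loop over the old count before it is zeroed. The body of mov_read_dref starts and continues outside the hunk, so check that nothing earlier in the function already frees the array, and that `drefs_count` is only set to `entries` after the allocation succeeds.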