From: Debian Multimedia Maintainers <pkg-multimedia-maintainers@lists.alioth.debian.org>
Date: Tue, 14 Jun 2016 12:13:25 +0000 (+0000)
Subject: CVE-2016-3062
X-Git-Tag: archive/raspbian/6%0.8.20-0+deb7u1+rpi1~1^2~1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=b84c9cd6553ab986acc4d0ad30f481322d7af1a0;p=libav.git

CVE-2016-3062


Gbp-Pq: Name CVE-2016-3062.patch
---

diff --git a/libavformat/mov.c b/libavformat/mov.c
index a1de652..4e636e7 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -387,8 +387,10 @@ static int mov_read_dref(MOVContext *c, AVIOContext *pb, MOVAtom atom)
 
     avio_rb32(pb); // version + flags
     entries = avio_rb32(pb);
-    if (entries >= UINT_MAX / sizeof(*sc->drefs))
+    if (!entries ||
+        entries >= UINT_MAX / sizeof(*sc->drefs))
         return AVERROR_INVALIDDATA;
+    sc->drefs_count = 0;
     sc->drefs = av_mallocz(entries * sizeof(*sc->drefs));
     if (!sc->drefs)
         return AVERROR(ENOMEM);