Merge commit '4ce701b4e640d4723a4005d664f31f8342fac40e'

[ffmpeg] / libavformat / mov.c

diff --git a/libavformat/mov.c b/libavformat/mov.c
index d66f4e338c224324bb2db4e1b30aefa8b0189b08..d922e0f173a439fd3b3d06aeb2b133cb2bd67669 100644 (file)
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -2558,7 +2558,8 @@ static int mov_read_stsd(MOVContext *c, AVIOContext *pb, MOVAtom atom)
     avio_rb24(pb); /* flags */
     entries = avio_rb32(pb);
 
-    if (entries <= 0) {
+    /* Each entry contains a size (4 bytes) and format (4 bytes). */
+    if (entries <= 0 || entries > atom.size / 8) {
         av_log(c->fc, AV_LOG_ERROR, "invalid STSD entries %d\n", entries);
         return AVERROR_INVALIDDATA;
     }