matroskadec: Check memory allocations

[ffmpeg] / libavformat / mpc8.c

diff --git a/libavformat/mpc8.c b/libavformat/mpc8.c
index f60a314b77fe5745739c8f15f06da86495cb83bd..07f12d291c73ffc946b9be7d1ce22310ab17e957 100644 (file)
--- a/libavformat/mpc8.c
+++ b/libavformat/mpc8.c
@@ -47,7 +47,7 @@ enum MPCPacketTags{
 
 static const int mpc8_rate[8] = { 44100, 48000, 37800, 32000, -1, -1, -1, -1 };
 
-typedef struct {
+typedef struct MPCContext {
     int ver;
     int64_t header_pos;
     int64_t samples;
@@ -92,7 +92,7 @@ static int mpc8_probe(AVProbeData *p)
         if (size < 2)
             return 0;
         if (bs + size - 2 >= bs_end)
-            return AVPROBE_SCORE_MAX / 4 - 1; //seems to be valid MPC but no header yet
+            return AVPROBE_SCORE_EXTENSION - 1; // seems to be valid MPC but no header yet
         if (header_found) {
             if (size < 11 || size > 28)
                 return 0;
@@ -139,12 +139,21 @@ static void mpc8_parse_seektable(AVFormatContext *s, int64_t off)
     int i, t, seekd;
     GetBitContext gb;
 
+    if (s->nb_streams == 0) {
+        av_log(s, AV_LOG_ERROR, "No stream added before parsing seek table\n");
+        return;
+    }
+
     avio_seek(s->pb, off, SEEK_SET);
     mpc8_get_chunk_header(s->pb, &tag, &size);
     if(tag != TAG_SEEKTABLE){
         av_log(s, AV_LOG_ERROR, "No seek table at given position\n");
         return;
     }
+    if (size < 0 || size >= INT_MAX / 2) {
+        av_log(s, AV_LOG_ERROR, "Bad seek table size\n");
+        return;
+    }
     if(!(buf = av_malloc(size + FF_INPUT_BUFFER_PADDING_SIZE)))
         return;
     avio_read(s->pb, buf, size);