From: Kostya Shishkov <[email protected]> fixes issue2480
Signed-off-by: Anton Khirnov <[email protected]> --- libavformat/ape.c | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/libavformat/ape.c b/libavformat/ape.c index 6c8880d..5aac00c 100644 --- a/libavformat/ape.c +++ b/libavformat/ape.c @@ -250,6 +250,11 @@ static int ape_read_header(AVFormatContext * s, AVFormatParameters * ap) av_log(s, AV_LOG_ERROR, "Too many frames: %d\n", ape->totalframes); return -1; } + if (ape->seektablelength && (ape->seektablelength / sizeof(*ape->seektable)) < ape->totalframes) { + av_log(s, AV_LOG_ERROR, "Number of seek entries is less than number of frames: %d vs. %d\n", + ape->seektablelength / sizeof(*ape->seektable), ape->totalframes); + return AVERROR_INVALIDDATA; + } ape->frames = av_malloc(ape->totalframes * sizeof(APEFrame)); if(!ape->frames) return AVERROR(ENOMEM); -- 1.7.4.1 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
