sws_allocVec: check length validity
authorMichael Niedermayer <michaelni@gmx.at>
Fri, 26 Oct 2012 23:18:52 +0000 (01:18 +0200)
committerMichael Niedermayer <michaelni@gmx.at>
Fri, 26 Oct 2012 23:24:51 +0000 (01:24 +0200)
Found-by: Reimar
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libswscale/utils.c

index 24058c3..03e9463 100644 (file)
@@ -1415,7 +1415,12 @@ SwsFilter *sws_getDefaultFilter(float lumaGBlur, float chromaGBlur,
 
 SwsVector *sws_allocVec(int length)
 {
-    SwsVector *vec = av_malloc(sizeof(SwsVector));
+    SwsVector *vec;
+
+    if(length <= 0 || length > INT_MAX/ sizeof(double))
+        return NULL;
+
+    vec = av_malloc(sizeof(SwsVector));
     if (!vec)
         return NULL;
     vec->length = length;