ape: check that number of seektable entries is equal to number of frames
[ffmpeg.git] / libavformat / ape.c
index 6c8880d2c0e777e66492cf21d6db4b53dec30527..5aac00c56a1c65b3a0731cfc5e2b343608bfd0c3 100644 (file)
@@ -250,6 +250,11 @@ static int ape_read_header(AVFormatContext * s, AVFormatParameters * ap)
         av_log(s, AV_LOG_ERROR, "Too many frames: %d\n", ape->totalframes);
         return -1;
     }
+    if (ape->seektablelength && (ape->seektablelength / sizeof(*ape->seektable)) < ape->totalframes) {
+        av_log(s, AV_LOG_ERROR, "Number of seek entries is less than number of frames: %d vs. %d\n",
+               ape->seektablelength / sizeof(*ape->seektable), ape->totalframes);
+        return AVERROR_INVALIDDATA;
+    }
     ape->frames       = av_malloc(ape->totalframes * sizeof(APEFrame));
     if(!ape->frames)
         return AVERROR(ENOMEM);