[SCM] libav/experimental: protect malloc overflow

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Sun Jun 30 16:15:35 UTC 2013


The following commit has been merged in the experimental branch:
commit 852859ff7cd29a926a9a7e811d77192b61a6956e
Author: Baptiste Coudurier <baptiste.coudurier at gmail.com>
Date:   Mon Feb 25 12:45:59 2008 +0000

    protect malloc overflow
    
    Originally committed as revision 12208 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavformat/mov.c b/libavformat/mov.c
index b03c44c..f5a7bbf 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -291,6 +291,8 @@ static int mov_read_esds(MOVContext *c, ByteIOContext *pb, MOV_atom_t atom)
         len = mp4_read_descr(c, pb, &tag);
         if (tag == MP4DecSpecificDescrTag) {
             dprintf(c->fc, "Specific MPEG4 header len=%d\n", len);
+            if((uint64_t)len > (1<<30))
+                return -1;
             st->codec->extradata = av_mallocz(len + FF_INPUT_BUFFER_PADDING_SIZE);
             if (!st->codec->extradata)
                 return AVERROR(ENOMEM);
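Review bot: The cap added before `av_mallocz` is a fixed `1<<30`, so a descriptor length read from the file can still request a zeroed allocation of up to 1 GiB; the cast to `uint64_t` does reject negative values and keeps `len + FF_INPUT_BUFFER_PADDING_SIZE` from wrapping (assuming `len` is an `int`, as the `%d` in the `dprintf` suggests). A tighter guard would also compare `len` with what the enclosing atom can hold, for example `if ((uint64_t)len > (1<<30) || len > atom.size) return -1;`, provided `atom.size` is the payload size at this point, which the hunk does not show. The unsigned-compare trick is easy to misread and deserves a comment such as `/* unsigned compare also rejects negative len; cap keeps len + padding from overflowing */`. The bare `return -1` sits two lines above `return AVERROR(ENOMEM)`; an `AVERROR` code would be more consistent if callers do not depend on the literal value. mov_read_esds starts and ends outside the hunk.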

-- 
Libav/FFmpeg packaging


