From fe573d1a9b742652f44cdc15b24fdd401eefc5e7 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michaelni@gmx.at>
Date: Sat, 27 Oct 2012 01:18:52 +0200
Subject: sws_allocVec: check length validity

Found-by: Reimar
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libswscale/utils.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'libswscale')

diff --git a/libswscale/utils.c b/libswscale/utils.c
index 24058c3b0c..03e9463773 100644
--- a/libswscale/utils.c
+++ b/libswscale/utils.c
@@ -1415,7 +1415,12 @@ SwsFilter *sws_getDefaultFilter(float lumaGBlur, float chromaGBlur,
 
 SwsVector *sws_allocVec(int length)
 {
-    SwsVector *vec = av_malloc(sizeof(SwsVector));
+    SwsVector *vec;
+
+    if(length <= 0 || length > INT_MAX/ sizeof(double))
+        return NULL;
+
+    vec = av_malloc(sizeof(SwsVector));
     if (!vec)
         return NULL;
     vec->length = length;
-- 
cgit v1.2.3