avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string()
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit fecb3e82a4ba09dc11a51ad0961ab491881a53a1)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 0affca9..17ffdf5 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c
@@ -827,7 +827,7 @@
int ret;
size_t buf_size;
- if (size < 0)
+ if (size < 0 || size > INT_MAX/2)
return AVERROR(EINVAL);
buf_size = size + size / 2 + 1;