avformat/mxfdec: Check size to avoid integer overflow in mxf_read_utf16_string() Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> (cherry picked from commit fecb3e82a4ba09dc11a51ad0961ab491881a53a1) Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>

commit: 9e6586ceb2f2891730557c7ec8bf5388cc7b0d94 [log] [tgz]
author: Michael Niedermayer <michael@niedermayer.cc> Fri Oct 21 19:45:21 2016 +0200
committer: Michael Niedermayer <michael@niedermayer.cc> Fri Oct 21 20:26:00 2016 +0200
tree: 341cf0b282971b1ec0b91a9cb27dc24fad55ce15
parent: 6456a7416e8f04f75752ce6174372e2fc6271a80 [diff]
diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
index 0affca9..17ffdf5 100644
--- a/libavformat/mxfdec.c
+++ b/libavformat/mxfdec.c

@@ -827,7 +827,7 @@
     int ret;
     size_t buf_size;
 
-    if (size < 0)
+    if (size < 0 || size > INT_MAX/2)
         return AVERROR(EINVAL);
 
     buf_size = size + size / 2 + 1;
commit	9e6586ceb2f2891730557c7ec8bf5388cc7b0d94	[log] [tgz]
author	Michael Niedermayer <michael@niedermayer.cc>	Fri Oct 21 19:45:21 2016 +0200
committer	Michael Niedermayer <michael@niedermayer.cc>	Fri Oct 21 20:26:00 2016 +0200
tree	341cf0b282971b1ec0b91a9cb27dc24fad55ce15
parent	6456a7416e8f04f75752ce6174372e2fc6271a80 [diff]