From 9c7fd997f794d3180ef4cbde019e4827ff309988 Mon Sep 17 00:00:00 2001
From: Baptiste Coudurier <baptiste.coudurier@gmail.com>
Date: Mon, 25 Feb 2008 12:38:37 +0000
Subject: [PATCH] 10l, protect malloc overflow

Originally committed as revision 12205 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/aiff.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/aiff.c b/libavformat/aiff.c
index 7ff75b6e30..1685a306b1 100644
--- a/libavformat/aiff.c
+++ b/libavformat/aiff.c
@@ -368,6 +368,8 @@ static int aiff_read_header(AVFormatContext *s,
             url_fskip(pb, size - 8);
             break;
         case MKTAG('w', 'a', 'v', 'e'):
+            if ((uint64_t)size > (1<<30))
+                return -1;
             st->codec->extradata = av_mallocz(size + FF_INPUT_BUFFER_PADDING_SIZE);
             if (!st->codec->extradata)
                 return AVERROR(ENOMEM);