On Sun, Mar 13, 2022 at 04:53:29PM +0100, Marton Balint wrote:
> 
> 
> On Sun, 13 Mar 2022, Michael Niedermayer wrote:
> 
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > libavformat/mxfdec.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index 828fc0f9f1..f088712494 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -941,7 +941,7 @@ static int mxf_read_strong_ref_array(AVIOContext *pb, UID **refs, int *count)
> >     *count = c;
> > 
> >     av_free(*refs);
> > -    *refs = av_calloc(*count, sizeof(UID));
> > +    *refs = av_malloc(*count * sizeof(UID));
> 
> I suggest av_malloc_array(), even if it can't overflow because of earlier
> checks.

agree, will change that

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

"You are 36 times more likely to die in a bathtub than at the hands of a
terrorist. Also, you are 2.5 times more likely to become a president and
2 times more likely to become an astronaut, than to die in a terrorist
attack." -- Thoughty2