From bbdf0d2214e58045e4a68331d10f4a39c08de1c0 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Sat, 20 Feb 2010 22:57:23 +0000
Subject: [PATCH] Make sure we dont write more bytes into filename than the array is long. just a precaution in case the size of the source array is increased or made dynamically allocateable.
Originally committed as revision 21926 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavformat/mov.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/mov.c b/libavformat/mov.c
index 8cc128785..7b475a94b 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1580,7 +1580,7 @@ static int mov_open_dref(ByteIOContext **pb, char *src, MOVDref *ref)
 }
 /* compose filename if next level down to target was found */
- if (i == ref->nlvl_to - 1) {
+ if (i == ref->nlvl_to - 1 && src_path - src < sizeof(filename)) {
 memcpy(filename, src, src_path - src);
 filename[src_path - src] = 0;
--
2.11.0
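Review bot: The new guard on the `if` compares a signed pointer difference with an unsigned `sizeof`, and `src_path - src` is now spelled three times (condition, `memcpy` length, terminator index), so the bound has to be re-derived at each use. Computing it once would keep the check and the writes visibly tied together and make the conversion explicit, e.g. `size_t len = src_path - src;` then `if (i == ref->nlvl_to - 1 && len < sizeof(filename)) {`, with `len` reused in the two statements below. The strict `<` is what leaves room for `filename[src_path - src] = 0`, and a one-line comment saying so would stop a later edit from relaxing it to `<=`. The guard covers only the prefix copy; `mov_open_dref` continues outside the hunk, so anything appended to `filename` after this point presumably needs its own limit tied to `sizeof(filename)`, which is worth confirming.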