libquicktime/libquicktime-1.2.4-integer_overflow.patch

Index: libquicktime/src/util.c
===================================================================
--- libquicktime.orig/src/util.c
+++ libquicktime/src/util.c
@@ -376,9 +376,14 @@ int64_t quicktime_byte_position(quicktim
 
 void quicktime_read_pascal(quicktime_t *file, char *data)
 {
-	char len = quicktime_read_char(file);
-	quicktime_read_data(file, (uint8_t*)data, len);
-	data[(int)len] = 0;
+	int len = quicktime_read_char(file);
+	if ((len > 0) && (len < 256)) {
+          /* data[] is expected to be 256 bytes long */
+          quicktime_read_data(file, (uint8_t*)data, len);
+          data[len] = 0;
+        } else {
+          data[0] = 0;
+        }
 }
 
 void quicktime_write_pascal(quicktime_t *file, char *data)