qtdemux: fix allocation explosion with stsd entries

Previously, the user input for stsd entries is trusted completely, and
so a maliciously crafted file could choose the length of the stsd
entries arbitrarily and cause qtdemux to try to allocate up to 2GB of
memory (half of a 32 bit max int).

This patch fixes this by sanity checking the stsd input against the
size of the entire stsd atom.

Part-of: <https://gitlab.freedesktop.org/gstreamer/gst-plugins-good/-/merge_requests/749>

0 files changed, 0 insertions, 0 deletions