diff --git a/libavformat/mov.c b/libavformat/mov.c
index 397e8dfa09..dfd4bce0b7 100644
--- a/libavformat/mov.c
+++ b/libavformat/mov.c
@@ -1851,8 +1851,10 @@ static int mov_read_stss(MOVContext *c, AVIOContext *pb, MOVAtom atom)
         return 0;
     }
     if (sc->keyframes)
-        av_log(c->fc, AV_LOG_WARNING, "Duplicate STSS atom\n");
-    av_free(sc->keyframes);
+        av_log(c->fc, AV_LOG_WARNING, "Duplicated STSS atom\n");
+    if (entries >= UINT_MAX / sizeof(int))
+        return AVERROR_INVALIDDATA;
+    av_freep(&sc->keyframes);
     sc->keyframe_count = 0;
     sc->keyframes = av_malloc_array(entries, sizeof(*sc->keyframes));
     if (!sc->keyframes)