Mercurial > libavcodec.hg

comparison vorbis_dec.c @ 11973:7ca225db75e8 libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
vorbisdec: Take channels into account when checking against residue overflow Fixes issue1969
author conrad
date Sun, 27 Jun 2010 01:46:23 +0000
parents e36d1bb6d8b7
children a3fe680377aa
comparison
equal deleted inserted replaced
11972:e36d1bb6d8b7 11973:7ca225db75e8
643 res_setup->begin = get_bits(gb, 24); 643 res_setup->begin = get_bits(gb, 24);
644 res_setup->end = get_bits(gb, 24); 644 res_setup->end = get_bits(gb, 24);
645 res_setup->partition_size = get_bits(gb, 24) + 1; 645 res_setup->partition_size = get_bits(gb, 24) + 1;
646 /* Validations to prevent a buffer overflow later. */ 646 /* Validations to prevent a buffer overflow later. */
647 if (res_setup->begin>res_setup->end || 647 if (res_setup->begin>res_setup->end ||
648 res_setup->end>vc->blocksize[1] / (res_setup->type == 2 ? 1 : 2) || 648 res_setup->end > vc->avccontext->channels * vc->blocksize[1] / (res_setup->type == 2 ? 1 : 2) ||
649 (res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) { 649 (res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) {
650 av_log(vc->avccontext, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %"PRIdFAST16", %"PRIdFAST32", %"PRIdFAST32", %"PRIdFAST32", %"PRIdFAST32"\n", res_setup->type, res_setup->begin, res_setup->end, res_setup->partition_size, vc->blocksize[1] / 2); 650 av_log(vc->avccontext, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %"PRIdFAST16", %"PRIdFAST32", %"PRIdFAST32", %"PRIdFAST32", %"PRIdFAST32"\n", res_setup->type, res_setup->begin, res_setup->end, res_setup->partition_size, vc->blocksize[1] / 2);
651 return -1; 651 return -1;
652 } 652 }
653 653