libavcodec.hg: vorbis.c comparison

Add extra validation checks to ff_vorbis_len2vlc. They should not be necessary, but it seems like a reasonable precaution.

comparison

equal deleted inserted replaced

-:6fd0b776f838
+:ff96ee73b08b
 return ret - 1;
 }
 // Generate vlc codes from vorbis huffman code lengths
+// the two bits[p] > 32 checks should be redundant, all calling code should
+// already ensure that, but since it allows overwriting the stack it seems
+// reasonable to check redundantly.
 int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, uint_fast32_t num) {
 uint_fast32_t exit_at_level[33]={404,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
 uint_fast8_t i,j;
 //        av_log(vc->avccontext, AV_LOG_INFO, "An empty codebook. Heh?! \n");
 return 0;
 }
 codes[p]=0;
+if (bits[p] > 32) return 1;
 for(i=0;i<bits[p];++i) {
 exit_at_level[i+1]=1<<i;
 }
 #ifdef V_DEBUG
 #endif
 ++p;
 for(;p<num;++p) {
+if (bits[p] > 32) return 1;
 if (bits[p]==0) continue;
 // find corresponding exit(node which the tree can grow further from)
 for(i=bits[p];i>0;--i) {
 if (exit_at_level[i]) break;
 }

Mercurial > libavcodec.hg