# HG changeset patch
# User conrad
# Date 1277603183 0
# Node ID 7ca225db75e807cca45b75322c29bb01c679577c
# Parent  e36d1bb6d8b7b0fb8deab61a4b67bffe5d441119
vorbisdec: Take channels into account when checking against residue overflow

Fixes issue1969

diff -r e36d1bb6d8b7 -r 7ca225db75e8 vorbis_dec.c
--- a/vorbis_dec.c	Sun Jun 27 01:46:20 2010 +0000
+++ b/vorbis_dec.c	Sun Jun 27 01:46:23 2010 +0000
@@ -645,7 +645,7 @@
         res_setup->partition_size = get_bits(gb, 24) + 1;
         /* Validations to prevent a buffer overflow later. */
         if (res_setup->begin>res_setup->end ||
-            res_setup->end>vc->blocksize[1] / (res_setup->type == 2 ? 1 : 2) ||
+            res_setup->end > vc->avccontext->channels * vc->blocksize[1] / (res_setup->type == 2 ? 1 : 2) ||
             (res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) {
             av_log(vc->avccontext, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %"PRIdFAST16", %"PRIdFAST32", %"PRIdFAST32", %"PRIdFAST32", %"PRIdFAST32"\n", res_setup->type, res_setup->begin, res_setup->end, res_setup->partition_size, vc->blocksize[1] / 2);
             return -1;