# HG changeset patch
# User ramiro
# Date 1238383201 0
# Node ID a37db17a8283f8280c5ef117df6376b7a4e60ba0
# Parent  2f82384bbe051c0093a634a3c3cd02cc4ed90454
mlpdec: More validation for read_channel_params()

diff -r 2f82384bbe05 -r a37db17a8283 mlpdec.c
--- a/mlpdec.c	Mon Mar 30 03:12:39 2009 +0000
+++ b/mlpdec.c	Mon Mar 30 03:20:01 2009 +0000
@@ -561,6 +561,11 @@
             if (read_filter_params(m, gbp, ch, IIR) < 0)
                 return -1;
 
+    if (fir->order + iir->order > 8) {
+        av_log(m->avctx, AV_LOG_ERROR, "Total filter orders too high.\n");
+        return -1;
+    }
+
     if (fir->order && iir->order &&
         fir->shift != iir->shift) {
         av_log(m->avctx, AV_LOG_ERROR,
@@ -582,9 +587,12 @@
     cp->codebook  = get_bits(gbp, 2);
     cp->huff_lsbs = get_bits(gbp, 5);
 
-    cp->sign_huff_offset = calculate_sign_huff(m, substr, ch);
+    if (cp->huff_lsbs > 24) {
+        av_log(m->avctx, AV_LOG_ERROR, "Invalid huff_lsbs.\n");
+        return -1;
+    }
 
-    /* TODO: validate */
+    cp->sign_huff_offset = calculate_sign_huff(m, substr, ch);
 
     return 0;
 }