Mercurial > libavcodec.hg

changeset 9934:ff96ee73b08b libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add extra validation checks to ff_vorbis_len2vlc. They should not be necessary, but it seems like a reasonable precaution.
author reimar
date Wed, 08 Jul 2009 19:39:23 +0000
parents 6fd0b776f838
children d09283aeeef8
files vorbis.c
diffstat 1 files changed, 5 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/vorbis.c	Wed Jul 08 19:31:04 2009 +0000
+++ b/vorbis.c	Wed Jul 08 19:39:23 2009 +0000
@@ -45,6 +45,9 @@
 
 // Generate vlc codes from vorbis huffman code lengths
 
+// the two bits[p] > 32 checks should be redundant, all calling code should
+// already ensure that, but since it allows overwriting the stack it seems
+// reasonable to check redundantly.
 int ff_vorbis_len2vlc(uint8_t *bits, uint32_t *codes, uint_fast32_t num) {
     uint_fast32_t exit_at_level[33]={404,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
         0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
@@ -63,6 +66,7 @@
     }
 
     codes[p]=0;
+    if (bits[p] > 32) return 1;
     for(i=0;i<bits[p];++i) {
         exit_at_level[i+1]=1<<i;
     }
@@ -79,6 +83,7 @@
     ++p;
 
     for(;p<num;++p) {
+        if (bits[p] > 32) return 1;
         if (bits[p]==0) continue;
         // find corresponding exit(node which the tree can grow further from)
         for(i=bits[p];i>0;--i) {