[FFmpeg-cvslog] r19996 - trunk/libavcodec/vorbis_dec.c

Diego Biurrun diego
Wed Sep 23 15:38:46 CEST 2009


On Wed, Sep 23, 2009 at 03:08:48PM +0200, michael wrote:
> 
> --- trunk/libavcodec/vorbis_dec.c	Wed Sep 23 14:42:12 2009	(r19995)
> +++ trunk/libavcodec/vorbis_dec.c	Wed Sep 23 15:08:48 2009	(r19996)
> @@ -638,6 +639,14 @@ static int vorbis_parse_setup_hdr_residu
>          res_setup->partition_size=get_bits(gb, 24)+1;
> +        /* Validations to prevent a buffer overflow later. */
> +        if (res_setup->begin>res_setup->end
> +        || res_setup->end>vc->blocksize[1]/(res_setup->type==2?1:2)
> +        || (res_setup->end-res_setup->begin)/res_setup->partition_size>V_MAX_PARTITIONS) {
> +            av_log(vc->avccontext, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %d, %d, %d, %d, %d\n", res_setup->type, res_setup->begin, res_setup->end, res_setup->partition_size, vc->blocksize[1]/2);
> +            return 1;
> +        }

That sure is some ugly formatting..

Diego



More information about the ffmpeg-cvslog mailing list