[FFmpeg-cvslog] r23812 - trunk/libavcodec/vorbis_dec.c
conrad
subversion
Sun Jun 27 03:46:24 CEST 2010
Author: conrad
Date: Sun Jun 27 03:46:23 2010
New Revision: 23812
Log:
vorbisdec: Take channels into account when checking against residue overflow
Fixes issue1969
Modified:
trunk/libavcodec/vorbis_dec.c
Modified: trunk/libavcodec/vorbis_dec.c
==============================================================================
--- trunk/libavcodec/vorbis_dec.c Sun Jun 27 03:46:20 2010 (r23811)
+++ trunk/libavcodec/vorbis_dec.c Sun Jun 27 03:46:23 2010 (r23812)
@@ -645,7 +645,7 @@ static int vorbis_parse_setup_hdr_residu
res_setup->partition_size = get_bits(gb, 24) + 1;
/* Validations to prevent a buffer overflow later. */
if (res_setup->begin>res_setup->end ||
- res_setup->end>vc->blocksize[1] / (res_setup->type == 2 ? 1 : 2) ||
+ res_setup->end > vc->avccontext->channels * vc->blocksize[1] / (res_setup->type == 2 ? 1 : 2) ||
(res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) {
av_log(vc->avccontext, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %"PRIdFAST16", %"PRIdFAST32", %"PRIdFAST32", %"PRIdFAST32", %"PRIdFAST32"\n", res_setup->type, res_setup->begin, res_setup->end, res_setup->partition_size, vc->blocksize[1] / 2);
return -1;
More information about the ffmpeg-cvslog
mailing list