[MPlayer-cvslog] CVS: main/mp3lib layer2.c,1.6,1.7
Jindrich Makovicka CVS
syncmail at mplayerhq.hu
Sun Apr 10 18:42:27 CEST 2005
CVS change done by Jindrich Makovicka CVS
Update of /cvsroot/mplayer/main/mp3lib
In directory mail:/var2/tmp/cvs-serv28935
Modified Files:
layer2.c
Log Message:
Security fixes ported from Debian
Fix insufficient validation of MPEG header values, discovered by Yuri D'Elia
(CAN-2004-0991).
Fix buffer overflow in layer2 decoder (CVE ID CAN-2004-0805).
Index: layer2.c
===================================================================
RCS file: /cvsroot/mplayer/main/mp3lib/layer2.c,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- layer2.c 14 Sep 2004 21:02:19 -0000 1.6
+++ layer2.c 10 Apr 2005 16:42:25 -0000 1.7
@@ -263,7 +263,7 @@
{ alloc_0, alloc_1, alloc_2, alloc_3 , alloc_4 };
static int sblims[5] = { 27 , 30 , 8, 12 , 30 };
- if(fr->lsf)
+ if(fr->sampling_frequency >= 3) /* Or equivalent: (fr->lsf == 1) */
table = 4;
else
table = translate[fr->sampling_frequency][2-fr->stereo][fr->bitrate_index];
@@ -288,6 +288,11 @@
fr->jsbound = (fr->mode == MPG_MD_JOINT_STEREO) ?
(fr->mode_ext<<2)+4 : fr->II_sblimit;
+ if (fr->jsbound > fr->II_sblimit) {
+ fprintf(stderr, "Truncating stereo boundary to sideband limit.\n");
+ fr->jsbound=fr->II_sblimit;
+ }
+
if(stereo == 1 || single == 3)
single = 0;
More information about the MPlayer-cvslog
mailing list