summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorNils Wallménius <nils@rockbox.org>2010-12-08 16:48:17 +0000
committerNils Wallménius <nils@rockbox.org>2010-12-08 16:48:17 +0000
commitf6297c1f3ef0b528fb6969bb065a42193e7a3394 (patch)
treeaab8f9f69046b1274b39a12a34758e16bf67810a /apps
parent7484fd3b18c7cf0f48f171cca40c29ec762c8310 (diff)
downloadrockbox-f6297c1f3ef0b528fb6969bb065a42193e7a3394.tar.gz
rockbox-f6297c1f3ef0b528fb6969bb065a42193e7a3394.tar.bz2
rockbox-f6297c1f3ef0b528fb6969bb065a42193e7a3394.zip
libtremor: merge upstream revision 17539 and 17540 'Additional codebook validity checks.'
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@28771 a1c6a512-1295-4272-9138-f99709370657
Diffstat (limited to 'apps')
-rw-r--r--apps/codecs/libtremor/codebook.c20
1 files changed, 16 insertions, 4 deletions
diff --git a/apps/codecs/libtremor/codebook.c b/apps/codecs/libtremor/codebook.c
index fd473280b2..e00d648a59 100644
--- a/apps/codecs/libtremor/codebook.c
+++ b/apps/codecs/libtremor/codebook.c
@@ -42,12 +42,17 @@ static_codebook *vorbis_staticbook_unpack(oggpack_buffer *opb){
/* codeword ordering.... length ordered or unordered? */
switch((int)oggpack_read(opb,1)){
- case 0:
+ case 0:{
+ long unused;
+ /* allocated but unused entries? */
+ unused=oggpack_read(opb,1);
+ if((s->entries*(unused?1:5)+7)>>3>opb->storage-oggpack_bytes(opb))
+ goto _eofout;
/* unordered */
s->lengthlist=(long *)_ogg_malloc(sizeof(*s->lengthlist)*s->entries);
/* allocated but unused entries? */
- if(oggpack_read(opb,1)){
+ if(unused){
/* yes, unused entries */
for(i=0;i<s->entries;i++){
@@ -68,17 +73,22 @@ static_codebook *vorbis_staticbook_unpack(oggpack_buffer *opb){
}
break;
+ }
case 1:
/* ordered */
{
long length=oggpack_read(opb,5)+1;
+ if(length==0)goto _eofout;
s->lengthlist=(long *)_ogg_malloc(sizeof(*s->lengthlist)*s->entries);
for(i=0;i<s->entries;){
long num=oggpack_read(opb,_ilog(s->entries-i));
if(num==-1)goto _eofout;
- if(length>32)goto _errout;
- for(j=0;j<num && i<s->entries;j++,i++)
+ if(length>32 || num>s->entries-i ||
+ (num>0 && (num-1)>>(length>>1)>>((length+1)>>1))>0){
+ goto _errout;
+ }
+ for(j=0;j<num;j++,i++)
s->lengthlist[i]=length;
length++;
}
@@ -116,6 +126,8 @@ static_codebook *vorbis_staticbook_unpack(oggpack_buffer *opb){
}
/* quantized values */
+ if((quantvals*s->q_quant+7)>>3>opb->storage-oggpack_bytes(opb))
+ goto _eofout;
s->quantlist=(long *)_ogg_malloc(sizeof(*s->quantlist)*quantvals);
for(i=0;i<quantvals;i++)
s->quantlist[i]=oggpack_read(opb,s->q_quant);