[xiph-cvs] cvs commit: vorbis/lib floor0.c
Monty
xiphmont at xiph.org
Wed Jul 17 14:34:32 PDT 2002
xiphmont 02/07/17 14:34:32
Modified: lib floor0.c
Log:
Specwriting found a possible stack smash in floor0.c decode. repaired
Revision Changes Path
1.53 +6 -2 vorbis/lib/floor0.c
Index: floor0.c
===================================================================
RCS file: /usr/local/cvsroot/vorbis/lib/floor0.c,v
retrieving revision 1.52
retrieving revision 1.53
diff -u -r1.52 -r1.53
--- floor0.c 2002/06/28 22:19:35 1.52
+++ floor0.c 2002/07/17 21:34:31 1.53
@@ -11,7 +11,7 @@
********************************************************************
function: floor backend 0 implementation
- last mod: $Id: floor0.c,v 1.52 2002/06/28 22:19:35 xiphmont Exp $
+ last mod: $Id: floor0.c,v 1.53 2002/07/17 21:34:31 xiphmont Exp $
********************************************************************/
@@ -181,7 +181,11 @@
codec_setup_info *ci=vb->vd->vi->codec_setup;
codebook *b=ci->fullbooks+info->books[booknum];
float last=0.f;
- float *lsp=_vorbis_block_alloc(vb,sizeof(*lsp)*(look->m+1));
+
+ /* the additional b->dim is a guard against any possible stack
+ smash; b->dim is provably more than we can overflow the
+ vector */
+ float *lsp=_vorbis_block_alloc(vb,sizeof(*lsp)*(look->m+b->dim+1));
for(j=0;j<look->m;j+=b->dim)
if(vorbis_book_decodev_set(b,lsp+j,&vb->opb,b->dim)==-1)goto eop;
<p><p><p>--- >8 ----
List archives: http://www.xiph.org/archives/
Ogg project homepage: http://www.xiph.org/ogg/
To unsubscribe from this list, send a message to 'cvs-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the commits
mailing list