[xiph-commits] r14506 - trunk/speex/src
jm at svn.xiph.org
jm at svn.xiph.org
Wed Feb 13 18:32:56 PST 2008
Author: jm
Date: 2008-02-13 18:32:55 -0800 (Wed, 13 Feb 2008)
New Revision: 14506
Modified:
trunk/speex/src/speexdec.c
Log:
fixed another bug found by gmaxwell's fuzzing (and fixed the previous fix)
Modified: trunk/speex/src/speexdec.c
===================================================================
--- trunk/speex/src/speexdec.c 2008-02-14 02:03:39 UTC (rev 14505)
+++ trunk/speex/src/speexdec.c 2008-02-14 02:32:55 UTC (rev 14506)
@@ -106,7 +106,7 @@
end = c+length;
len=readint(c, 0);
c+=4;
- if (c+len>end)
+ if (len < 0 || c+len>end)
{
fprintf (stderr, "Invalid/corrupted comments\n");
return;
@@ -130,7 +130,7 @@
}
len=readint(c, 0);
c+=4;
- if (c+len>end)
+ if (len < 0 || c+len>end)
{
fprintf (stderr, "Invalid/corrupted comments\n");
return;
@@ -365,7 +365,7 @@
if (!(*channels==1))
{
- channels = 2;
+ *channels = 2;
callback.callback_id = SPEEX_INBAND_STEREO;
callback.func = speex_std_stereo_request_handler;
callback.data = stereo;
More information about the commits
mailing list