[xiph-commits] r16218 - trunk/vorbis/lib
xiphmont at svn.xiph.org
xiphmont at svn.xiph.org
Tue Jul 7 16:18:05 PDT 2009
Author: xiphmont
Date: 2009-07-07 16:18:05 -0700 (Tue, 07 Jul 2009)
New Revision: 16218
Modified:
trunk/vorbis/lib/res0.c
Log:
Fix for Mozilla BZ #501279
Will need to review/patch Tremor as well, more thorough pattern review
of unpacking in the face of incomplete header packets in progress in
mainline as well.
Modified: trunk/vorbis/lib/res0.c
===================================================================
--- trunk/vorbis/lib/res0.c 2009-07-07 22:44:49 UTC (rev 16217)
+++ trunk/vorbis/lib/res0.c 2009-07-07 23:18:05 UTC (rev 16218)
@@ -208,16 +208,27 @@
info->partitions=oggpack_read(opb,6)+1;
info->groupbook=oggpack_read(opb,8);
+ /* check for premature EOP */
+ if(info->groupbook<0)goto errout;
+
for(j=0;j<info->partitions;j++){
int cascade=oggpack_read(opb,3);
- if(oggpack_read(opb,1))
- cascade|=(oggpack_read(opb,5)<<3);
+ int cflag=oggpack_read(opb,1);
+ if(cflag<0) goto errout;
+ if(cflag){
+ int c=oggpack_read(opb,5);
+ if(c<0) goto errout;
+ cascade|=(c<<3);
+ }
info->secondstages[j]=cascade;
acc+=icount(cascade);
}
- for(j=0;j<acc;j++)
- info->booklist[j]=oggpack_read(opb,8);
+ for(j=0;j<acc;j++){
+ int book=oggpack_read(opb,8);
+ if(book<0) goto errout;
+ info->booklist[j]=book;
+ }
if(info->groupbook>=ci->books)goto errout;
for(j=0;j<acc;j++){
More information about the commits
mailing list