[xiph-commits] r17027 - trunk/vorbis/lib

[xiphmont at svn.xiph.org]

Author: xiphmont
Date: 2010-03-24 22:21:20 -0700 (Wed, 24 Mar 2010)
New Revision: 17027

Modified:
   trunk/vorbis/lib/synthesis.c
Log:
Apply patches from Trac #1638, additional application hardening (not 
bugfixes, but ignoring easy-to-catch cases of improper lib use) and one 
more bitstream guard.



Modified: trunk/vorbis/lib/synthesis.c
===================================================================
--- trunk/vorbis/lib/synthesis.c	2010-03-25 05:00:27 UTC (rev 17026)
+++ trunk/vorbis/lib/synthesis.c	2010-03-25 05:21:20 UTC (rev 17027)
@@ -24,13 +24,17 @@
 #include "os.h"
 
 int vorbis_synthesis(vorbis_block *vb,ogg_packet *op){
-  vorbis_dsp_state     *vd=vb->vd;
-  private_state        *b=vd->backend_state;
-  vorbis_info          *vi=vd->vi;
-  codec_setup_info     *ci=vi->codec_setup;
-  oggpack_buffer       *opb=&vb->opb;
+  vorbis_dsp_state     *vd= vb ? vb->vd : 0;
+  private_state        *b= vd ? vd->backend_state : 0;
+  vorbis_info          *vi= vd ? vd->vi : 0;
+  codec_setup_info     *ci= vi ? vi->codec_setup : 0;
+  oggpack_buffer       *opb=vb ? &vb->opb : 0;
   int                   type,mode,i;
 
+  if (!vd || !b || !vi || !ci || !opb) {
+    return OV_EBADPACKET;
+  }
+
   /* first things first.  Make sure decode is ready */
   _vorbis_block_ripcord(vb);
   oggpack_readinit(opb,op->packet,op->bytes);
@@ -43,9 +47,15 @@
 
   /* read our mode and pre/post windowsize */
   mode=oggpack_read(opb,b->modebits);
-  if(mode==-1)return(OV_EBADPACKET);
+  if(mode==-1){
+    return(OV_EBADPACKET);
+  }
 
   vb->mode=mode;
+  if(!ci->mode_param[mode]){
+    return(OV_EBADPACKET);
+  }
+
   vb->W=ci->mode_param[mode]->blockflag;
   if(vb->W){
 
@@ -53,7 +63,9 @@
        only for window selection */
     vb->lW=oggpack_read(opb,1);
     vb->nW=oggpack_read(opb,1);
-    if(vb->nW==-1)   return(OV_EBADPACKET);
+    if(vb->nW==-1){
+      return(OV_EBADPACKET);
+    }
   }else{
     vb->lW=0;
     vb->nW=0;