[xiph-commits] r17513 - trunk/Tremor
tterribe at svn.xiph.org
tterribe at svn.xiph.org
Wed Oct 13 13:22:50 PDT 2010
Author: tterribe
Date: 2010-10-13 13:22:50 -0700 (Wed, 13 Oct 2010)
New Revision: 17513
Modified:
trunk/Tremor/res012.c
Log:
Forward port r14598 from libvorbis.
Add code to prevent heap attacks by exploiting dim==bignum and
partition_codewords==partion_values^dim.
Modified: trunk/Tremor/res012.c
===================================================================
--- trunk/Tremor/res012.c 2010-10-13 20:19:25 UTC (rev 17512)
+++ trunk/Tremor/res012.c 2010-10-13 20:22:50 UTC (rev 17513)
@@ -113,6 +113,20 @@
for(j=0;j<acc;j++)
if(info->booklist[j]>=ci->books)goto errout;
+ /* verify the phrasebook is not specifying an impossible or
+ inconsistent partitioning scheme. */
+ {
+ int entries = ci->book_param[info->groupbook]->entries;
+ int dim = ci->book_param[info->groupbook]->dim;
+ int partvals = 1;
+ while(dim>0){
+ partvals *= info->partitions;
+ if(partvals > entries) goto errout;
+ dim--;
+ }
+ if(partvals != entries) goto errout;
+ }
+
return(info);
errout:
res0_free_info(info);
More information about the commits
mailing list