diff options
| author | Nils Wallménius <nils@rockbox.org> | 2010-12-08 16:48:17 +0000 |
|---|---|---|
| committer | Nils Wallménius <nils@rockbox.org> | 2010-12-08 16:48:17 +0000 |
| commit | f6297c1f3ef0b528fb6969bb065a42193e7a3394 (patch) | |
| tree | aab8f9f69046b1274b39a12a34758e16bf67810a | |
| parent | 7484fd3b18c7cf0f48f171cca40c29ec762c8310 (diff) | |
| download | rockbox-f6297c1f3ef0b528fb6969bb065a42193e7a3394.tar.gz rockbox-f6297c1f3ef0b528fb6969bb065a42193e7a3394.zip | |
libtremor: merge upstream revision 17539 and 17540 'Additional codebook validity checks.'
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@28771 a1c6a512-1295-4272-9138-f99709370657
| -rw-r--r-- | apps/codecs/libtremor/codebook.c | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/apps/codecs/libtremor/codebook.c b/apps/codecs/libtremor/codebook.c index fd473280b2..e00d648a59 100644 --- a/apps/codecs/libtremor/codebook.c +++ b/apps/codecs/libtremor/codebook.c | |||
| @@ -42,12 +42,17 @@ static_codebook *vorbis_staticbook_unpack(oggpack_buffer *opb){ | |||
| 42 | 42 | ||
| 43 | /* codeword ordering.... length ordered or unordered? */ | 43 | /* codeword ordering.... length ordered or unordered? */ |
| 44 | switch((int)oggpack_read(opb,1)){ | 44 | switch((int)oggpack_read(opb,1)){ |
| 45 | case 0: | 45 | case 0:{ |
| 46 | long unused; | ||
| 47 | /* allocated but unused entries? */ | ||
| 48 | unused=oggpack_read(opb,1); | ||
| 49 | if((s->entries*(unused?1:5)+7)>>3>opb->storage-oggpack_bytes(opb)) | ||
| 50 | goto _eofout; | ||
| 46 | /* unordered */ | 51 | /* unordered */ |
| 47 | s->lengthlist=(long *)_ogg_malloc(sizeof(*s->lengthlist)*s->entries); | 52 | s->lengthlist=(long *)_ogg_malloc(sizeof(*s->lengthlist)*s->entries); |
| 48 | 53 | ||
| 49 | /* allocated but unused entries? */ | 54 | /* allocated but unused entries? */ |
| 50 | if(oggpack_read(opb,1)){ | 55 | if(unused){ |
| 51 | /* yes, unused entries */ | 56 | /* yes, unused entries */ |
| 52 | 57 | ||
| 53 | for(i=0;i<s->entries;i++){ | 58 | for(i=0;i<s->entries;i++){ |
| @@ -68,17 +73,22 @@ static_codebook *vorbis_staticbook_unpack(oggpack_buffer *opb){ | |||
| 68 | } | 73 | } |
| 69 | 74 | ||
| 70 | break; | 75 | break; |
| 76 | } | ||
| 71 | case 1: | 77 | case 1: |
| 72 | /* ordered */ | 78 | /* ordered */ |
| 73 | { | 79 | { |
| 74 | long length=oggpack_read(opb,5)+1; | 80 | long length=oggpack_read(opb,5)+1; |
| 81 | if(length==0)goto _eofout; | ||
| 75 | s->lengthlist=(long *)_ogg_malloc(sizeof(*s->lengthlist)*s->entries); | 82 | s->lengthlist=(long *)_ogg_malloc(sizeof(*s->lengthlist)*s->entries); |
| 76 | 83 | ||
| 77 | for(i=0;i<s->entries;){ | 84 | for(i=0;i<s->entries;){ |
| 78 | long num=oggpack_read(opb,_ilog(s->entries-i)); | 85 | long num=oggpack_read(opb,_ilog(s->entries-i)); |
| 79 | if(num==-1)goto _eofout; | 86 | if(num==-1)goto _eofout; |
| 80 | if(length>32)goto _errout; | 87 | if(length>32 || num>s->entries-i || |
| 81 | for(j=0;j<num && i<s->entries;j++,i++) | 88 | (num>0 && (num-1)>>(length>>1)>>((length+1)>>1))>0){ |
| 89 | goto _errout; | ||
| 90 | } | ||
| 91 | for(j=0;j<num;j++,i++) | ||
| 82 | s->lengthlist[i]=length; | 92 | s->lengthlist[i]=length; |
| 83 | length++; | 93 | length++; |
| 84 | } | 94 | } |
| @@ -116,6 +126,8 @@ static_codebook *vorbis_staticbook_unpack(oggpack_buffer *opb){ | |||
| 116 | } | 126 | } |
| 117 | 127 | ||
| 118 | /* quantized values */ | 128 | /* quantized values */ |
| 129 | if((quantvals*s->q_quant+7)>>3>opb->storage-oggpack_bytes(opb)) | ||
| 130 | goto _eofout; | ||
| 119 | s->quantlist=(long *)_ogg_malloc(sizeof(*s->quantlist)*quantvals); | 131 | s->quantlist=(long *)_ogg_malloc(sizeof(*s->quantlist)*quantvals); |
| 120 | for(i=0;i<quantvals;i++) | 132 | for(i=0;i<quantvals;i++) |
| 121 | s->quantlist[i]=oggpack_read(opb,s->q_quant); | 133 | s->quantlist[i]=oggpack_read(opb,s->q_quant); |