summaryrefslogtreecommitdiff
path: root/apps/codecs/libtremor/mapping0.c
diff options
context:
space:
mode:
authorNils Wallménius <nils@rockbox.org>2010-12-07 16:55:36 +0000
committerNils Wallménius <nils@rockbox.org>2010-12-07 16:55:36 +0000
commit1930e9f4baee8086195e147b9580ebbf3042b3cc (patch)
tree5f8497aa24b0eaa61ff0b6d95c42f694c57459bd /apps/codecs/libtremor/mapping0.c
parent02f836b1b2ab2fd827be950b1f41cdbed1572c5a (diff)
downloadrockbox-1930e9f4baee8086195e147b9580ebbf3042b3cc.tar.gz
rockbox-1930e9f4baee8086195e147b9580ebbf3042b3cc.zip
libtremor: merge upstream revision 17525 'Commit additional hardening to setup packet decode.'
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@28762 a1c6a512-1295-4272-9138-f99709370657
Diffstat (limited to 'apps/codecs/libtremor/mapping0.c')
-rw-r--r--apps/codecs/libtremor/mapping0.c24
1 files changed, 15 insertions, 9 deletions
diff --git a/apps/codecs/libtremor/mapping0.c b/apps/codecs/libtremor/mapping0.c
index 27db815f3b..3f082c5d58 100644
--- a/apps/codecs/libtremor/mapping0.c
+++ b/apps/codecs/libtremor/mapping0.c
@@ -128,19 +128,24 @@ static int ilog(unsigned int v){
128 128
129/* also responsible for range checking */ 129/* also responsible for range checking */
130static vorbis_info_mapping *mapping0_unpack(vorbis_info *vi,oggpack_buffer *opb){ 130static vorbis_info_mapping *mapping0_unpack(vorbis_info *vi,oggpack_buffer *opb){
131 int i; 131 int i,b;
132 vorbis_info_mapping0 *info=(vorbis_info_mapping0 *)_ogg_calloc(1,sizeof(*info)); 132 vorbis_info_mapping0 *info=(vorbis_info_mapping0 *)_ogg_calloc(1,sizeof(*info));
133 codec_setup_info *ci=(codec_setup_info *)vi->codec_setup; 133 codec_setup_info *ci=(codec_setup_info *)vi->codec_setup;
134 memset(info,0,sizeof(*info)); 134 memset(info,0,sizeof(*info));
135 135
136 if(oggpack_read(opb,1)) 136 b=oggpack_read(opb,1);
137 if(b<0)goto err_out;
138 if(b){
137 info->submaps=oggpack_read(opb,4)+1; 139 info->submaps=oggpack_read(opb,4)+1;
138 else 140 if(info->submaps<=0)goto err_out;
141 }else
139 info->submaps=1; 142 info->submaps=1;
140 143
141 if(oggpack_read(opb,1)){ 144 b=oggpack_read(opb,1);
145 if(b<0)goto err_out;
146 if(b){
142 info->coupling_steps=oggpack_read(opb,8)+1; 147 info->coupling_steps=oggpack_read(opb,8)+1;
143 148 if(info->coupling_steps<=0)goto err_out;
144 for(i=0;i<info->coupling_steps;i++){ 149 for(i=0;i<info->coupling_steps;i++){
145 int testM=info->coupling_mag[i]=oggpack_read(opb,ilog(vi->channels)); 150 int testM=info->coupling_mag[i]=oggpack_read(opb,ilog(vi->channels));
146 int testA=info->coupling_ang[i]=oggpack_read(opb,ilog(vi->channels)); 151 int testA=info->coupling_ang[i]=oggpack_read(opb,ilog(vi->channels));
@@ -154,21 +159,22 @@ static vorbis_info_mapping *mapping0_unpack(vorbis_info *vi,oggpack_buffer *opb)
154 159
155 } 160 }
156 161
157 if(oggpack_read(opb,2)>0)goto err_out; /* 2,3:reserved */ 162 if(oggpack_read(opb,2)!=0)goto err_out; /* 2,3:reserved */
158 163
159 if(info->submaps>1){ 164 if(info->submaps>1){
160 for(i=0;i<vi->channels;i++){ 165 for(i=0;i<vi->channels;i++){
161 info->chmuxlist[i]=oggpack_read(opb,4); 166 info->chmuxlist[i]=oggpack_read(opb,4);
162 if(info->chmuxlist[i]>=info->submaps)goto err_out; 167 if(info->chmuxlist[i]>=info->submaps || info->chmuxlist[i]<0)goto err_out;
163 } 168 }
164 } 169 }
165 for(i=0;i<info->submaps;i++){ 170 for(i=0;i<info->submaps;i++){
166 int temp=oggpack_read(opb,8); 171 int temp=oggpack_read(opb,8);
167 if(temp>=ci->times)goto err_out; 172 if(temp>=ci->times)goto err_out;
168 info->floorsubmap[i]=oggpack_read(opb,8); 173 info->floorsubmap[i]=oggpack_read(opb,8);
169 if(info->floorsubmap[i]>=ci->floors)goto err_out; 174 if(info->floorsubmap[i]>=ci->floors || info->floorsubmap[i]<0)goto err_out;
170 info->residuesubmap[i]=oggpack_read(opb,8); 175 info->residuesubmap[i]=oggpack_read(opb,8);
171 if(info->residuesubmap[i]>=ci->residues)goto err_out; 176 if(info->residuesubmap[i]>=ci->residues || info->residuesubmap[i]<0)
177 goto err_out;
172 } 178 }
173 179
174 return info; 180 return info;
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-27 04:16:36 +0000