From 8060b3457e20e6223b70927693f8da8f547b8fef Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Kempf <jb@videolan.org>
Date: Thu, 17 Apr 2008 11:19:35 -0700
Subject: [PATCH] =?utf8?q?Fix=20for=20[oCERT-2008-004]=20multiple=20speex?=
 =?utf8?q?=20implementations=20insufficient=20boundary=20checks.=20Patch?=
 =?utf8?q?=20by=20Eren=20T=C3=BCrkay?=
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

---
 THANKS                | 1 +
 modules/codec/speex.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/THANKS b/THANKS
index f32bb99caa..56b9cad5c3 100644
--- a/THANKS
+++ b/THANKS
@@ -78,6 +78,7 @@ Dylan Yudaken <dyudaken -- gmail # com> - hotkeys patch
 Emmanuel Blindauer <manu at agat.net> - aRts audio output
 Enrico Gueli <e_gueli at yahoo.it> - Brightness threshold in adjust video filter
 Enrique Osuna <enrique.osuna at gmail.com> - Various bug fixes in libvlc. Major Mac OS X Framework improvements.
+Eren Türkay <turkay dot eren \a/ gmail point com> - Speex boundary checks and security fix
 Espen Skoglund <esk at ira.uka.de> - FreeBSD autoconf and Makefile patches
 Ethan C. Baldridge <BaldridgeE at cadmus.com> - directory browsing code
 Eurodata Computer Club <retron.info> - VLC icon design (v0.8.4)
diff --git a/modules/codec/speex.c b/modules/codec/speex.c
index d563245354..83890bbfd6 100644
--- a/modules/codec/speex.c
+++ b/modules/codec/speex.c
@@ -357,7 +357,7 @@ static int ProcessInitialHeader( decoder_t *p_dec, ogg_packet *p_oggpacket )
         msg_Err( p_dec, "cannot read Speex header" );
         return VLC_EGENERIC;
     }
-    if( p_header->mode >= SPEEX_NB_MODES )
+    if( p_header->mode >= SPEEX_NB_MODES || p_header->mode < 0 )
     {
         msg_Err( p_dec, "mode number %d does not (yet/any longer) exist in "
                  "this version of libspeex.", p_header->mode );
-- 
2.39.2