git.sesse.net Git - vlc/blob - extras/contrib/src/Patches/libvorbis-r14598-CVE-2008-1420.patch

   1 Index: lib/res0.c
   2 ===================================================================
   3 --- lib/res0.c  (revision 14597)
   4 +++ lib/res0.c  (revision 14598)
   5 @@ -223,6 +223,20 @@
   6    for(j=0;j<acc;j++)
   7      if(info->booklist[j]>=ci->books)goto errout;
   8
   9 +  /* verify the phrasebook is not specifying an impossible or
  10 +     inconsistent partitioning scheme. */
  11 +  {
  12 +    int entries = ci->book_param[info->groupbook]->entries;
  13 +    int dim = ci->book_param[info->groupbook]->dim;
  14 +    int partvals = 1;
  15 +    while(dim>0){
  16 +      partvals *= info->partitions;
  17 +      if(partvals > entries) goto errout;
  18 +      dim--;
  19 +    }
  20 +    if(partvals != entries) goto errout;
  21 +  }
  22 +
  23    return(info);
  24   errout:
  25    res0_free_info(info);
  26 @@ -263,7 +277,7 @@
  27      }
  28    }
  29
  30 -  look->partvals=rint(pow((float)look->parts,(float)dim));
  31 +  look->partvals=look->phrasebook->entries;
  32    look->stages=maxstage;
  33    look->decodemap=_ogg_malloc(look->partvals*sizeof(*look->decodemap));
  34    for(j=0;j<look->partvals;j++){