devs/foxbox
1
0
Fork 0
forked from len0rd/rockbox
Code Pull requests Activity

libtremor: merge upstream revision 17513 'Add code to prevent heap attacks by exploiting dim==bignum and partition_codewords==partion_values^dim.'

Browse source 
git-svn-id: svn://svn.rockbox.org/rockbox/trunk@28747 a1c6a512-1295-4272-9138-f99709370657
This commit is contained in:
Nils Wallménius 2010-12-06 16:48:57 +00:00
parent 0d43bf6a88
commit bdf8a243fa
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
apps/codecs/libtremor/res012.c
View file

@ -112,6 +112,20 @@ static vorbis_info_residue *res0_unpack(vorbis_info *vi,oggpack_buffer *opb){
for(j=0;j<acc;j++)
if(info->booklist[j]>=ci->books)goto errout;
/* verify the phrasebook is not specifying an impossible or
inconsistent partitioning scheme. */
{
int entries = ci->book_param[info->groupbook]->entries;
int dim = ci->book_param[info->groupbook]->dim;
int partvals = 1;
while(dim>0){
partvals *= info->partitions;
if(partvals > entries) goto errout;
dim--;
}
if(partvals != entries) goto errout;
}
return(info);
errout:
res0_free_info(info);