dd checks/rejection for absurdly huge codebooks.

author Monty <xiphmont@xiph.org>

Wed, 19 Mar 2008 08:03:29 +0000 (08:03 +0000)

committer Monty <xiphmont@xiph.org>

Wed, 19 Mar 2008 08:03:29 +0000 (08:03 +0000)
author Monty <xiphmont@xiph.org>
Wed, 19 Mar 2008 08:03:29 +0000 (08:03 +0000)
committer Monty <xiphmont@xiph.org>
Wed, 19 Mar 2008 08:03:29 +0000 (08:03 +0000)
diff --git a/lib/codebook.c b/lib/codebook.c

index d6780dd..df2a68e 100644 (file)
--- a/lib/codebook.c
+++ b/lib/codebook.c
@@ -159,6 +159,8 @@ int vorbis_staticbook_unpack(oggpack_buffer *opb,static_codebook *s){
    s->entries=oggpack_read(opb,24);
    if(s->entries==-1)goto _eofout;
  
+  if(_ilog(s->dim)+_ilog(s->entries)>24)goto _eofout;
+
    /* codeword ordering.... length ordered or unordered? */
    switch((int)oggpack_read(opb,1)){
    case 0:
author	Monty <xiphmont@xiph.org>
	Wed, 19 Mar 2008 08:03:29 +0000 (08:03 +0000)
committer	Monty <xiphmont@xiph.org>
	Wed, 19 Mar 2008 08:03:29 +0000 (08:03 +0000)