struct internal_state *state = strm->state;
int b;
-
if (state->bitp < n)
{
b = (63 - state->bitp) >> 3;
state->acc = 0;
while (state->acc == 0) {
+ if (strm->avail_in < 7)
+ return 0;
+
state->acc = (state->acc << 56)
| ((uint64_t)strm->next_in[0] << 48)
| ((uint64_t)strm->next_in[1] << 40)
state->rsip[i] = direct_get_fs(strm) << k;
if (k) {
+ if (strm->avail_in < (k * strm->block_size) / 8 + 9)
+ return M_ERROR;
+
for (i = state->ref; i < strm->block_size; i++)
*state->rsip++ += direct_get(strm, k);
} else {
if (fs_ask(strm) == 0)
return M_EXIT;
m = state->fs;
+ if (m > SE_TABLE_SIZE)
+ return M_ERROR;
d1 = m - state->se_table[2 * m + 1];
if ((state->i & 1) == 0) {
static int m_se(struct aec_stream *strm)
{
uint32_t i;
- int32_t m, d1;
+ uint32_t m;
+ int32_t d1;
struct internal_state *state = strm->state;
if (BUFFERSPACE(strm)) {
while (i < strm->block_size) {
m = direct_get_fs(strm);
+
+ if (m > SE_TABLE_SIZE)
+ return M_ERROR;
+
d1 = m - state->se_table[2 * m + 1];
if ((i & 1) == 0) {
}
state->in_blklen = (strm->block_size * strm->bits_per_sample
- + state->id_len) / 8 + 9;
+ + state->id_len) / 8 + 16;
modi = 1UL << state->id_len;
state->id_table = malloc(modi * sizeof(int (*)(struct aec_stream *)));
#define MIN(a, b) (((a) < (b))? (a): (b))
+#define SE_TABLE_SIZE 90
+
struct aec_stream;
struct internal_state {
uint32_t xmax;
/* length of uncompressed input block should be the longest
- possible block */
+ legal block */
uint32_t in_blklen;
/* length of output block in bytes */
uint32_t *flush_start;
/* table for decoding second extension option */
- int se_table[182];
+ int se_table[2 * (SE_TABLE_SIZE + 1)];
} decode_state;
#endif /* DECODE_H */
projects / platform / upstream / libaec.git / commitdiff