Don't allow ordered codebooks with codeword lengths longer than 32 bits.
authorTim Terriberry <tterribe@xiph.org>
Thu, 1 Oct 2009 02:54:22 +0000 (02:54 +0000)
committerTim Terriberry <tterribe@xiph.org>
Thu, 1 Oct 2009 02:54:22 +0000 (02:54 +0000)
svn path=/trunk/vorbis/; revision=16597

lib/codebook.c

index 1249096d099f224f8588815fd5952f550a760c59..67df6ec27db8774fc263336b411f9e42ad1d8170 100644 (file)
@@ -198,6 +198,7 @@ int vorbis_staticbook_unpack(oggpack_buffer *opb,static_codebook *s){
       for(i=0;i<s->entries;){
         long num=oggpack_read(opb,_ilog(s->entries-i));
         if(num==-1)goto _eofout;
+        if(length>32)goto _errout;
         for(j=0;j<num && i<s->entries;j++,i++)
           s->lengthlist[i]=length;
         length++;