Fix for bug #1456-- the 'bulletproofing' from CVE-2008-1420 inadvertently
author Monty <xiphmont@xiph.org>
Tue, 25 Nov 2008 01:46:22 +0000 (01:46 +0000)
committer Monty <xiphmont@xiph.org>
Tue, 25 Nov 2008 01:46:22 +0000 (01:46 +0000)
rejects a harmless/legal (if suboptimal) codebook arrangement that was
apparently used in 1.0b1.

svn path=/trunk/vorbis/; revision=15532

doc/xml/08-residue.xml
lib/res0.c

index 2141be0..f97c3b2 100644 (file)
@@ -220,7 +220,7 @@ codeword.  Note that the number of entries and dimensions in book
 <varname>[residue_classifications]</varname>, overdetermines to
 possible number of classification codewords.  If
 <varname>[residue_classifications]</varname>^<varname>[residue_classbook]</varname>.dimensions
-does not equal <varname>[residue_classbook]</varname>.entries, the
+exceeds <varname>[residue_classbook]</varname>.entries, the
 bitstream should be regarded to be undecodable. </para>
 
 <para>
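Review bot: with "does not equal" relaxed to "exceeds" in the changed sentence, the text now permits a classbook whose entries outnumber [residue_classifications]^[residue_classbook].dimensions, but it does not say what a decoder should do if the stream then uses one of the surplus entries. Suggest adding a sentence stating whether such an entry makes the packet undecodable or is handled some other way, so that implementations agree. While this paragraph is being touched, "overdetermines to possible number" in the context lines above looks like a typo for "the possible number".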
index d74864e..e3f2dc8 100644 (file)
@@ -234,7 +234,6 @@ vorbis_info_residue *res0_unpack(vorbis_info *vi,oggpack_buffer *opb){
       if(partvals > entries) goto errout;
       dim--;
     }
-    if(partvals != entries) goto errout;
   }
 
   return(info);
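Review bot: removing `if(partvals != entries) goto errout;` leaves only the in-loop `if(partvals > entries) goto errout;`, so res0_unpack now accepts a classbook with more entries than partvals. Nothing in this hunk shows the decode side rejecting a classbook entry number that is at or above partvals before it is used, which is the case the equality test used to rule out at setup time; please confirm that bound is enforced where the classbook is read, or add it in this change. A short comment at the removal site saying why only the upper bound is checked (bug #1456, the 1.0b1 codebook arrangement) would keep the equality test from being reintroduced later.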