Fix for bug #1456-- the 'bulletproofing' from CVE-2008-1420 inadvertantly

rejects a harmless/legal (if suboptimal) codebook arrangement that was
apparently used in 1.0b1.

svn path=/trunk/vorbis/; revision=15532

diff --git a/doc/xml/08-residue.xml b/doc/xml/08-residue.xml
index 2141be0..f97c3b2 100644 (file)
--- a/doc/xml/08-residue.xml
+++ b/doc/xml/08-residue.xml
@@ -220,7 +220,7 @@ codeword.  Note that the number of entries and dimensions in book
 <varname>[residue_classifications]</varname>, overdetermines to
 possible number of classification codewords.  If
 <varname>[residue_classifications]</varname>^<varname>[residue_classbook]</varname>.dimensions
-does not equal <varname>[residue_classbook]</varname>.entries, the
+exceeds <varname>[residue_classbook]</varname>.entries, the
 bitstream should be regarded to be undecodable. </para>
 
 <para>

diff --git a/lib/res0.c b/lib/res0.c
index d74864e..e3f2dc8 100644 (file)
--- a/lib/res0.c
+++ b/lib/res0.c
@@ -234,7 +234,6 @@ vorbis_info_residue *res0_unpack(vorbis_info *vi,oggpack_buffer *opb){
       if(partvals > entries) goto errout;
       dim--;
     }
-    if(partvals != entries) goto errout;
   }
 
   return(info);