Check res_setup->books.

author Google Chrome <>

Wed, 23 Sep 2009 12:24:21 +0000 (12:24 +0000)

committer Michael Niedermayer <michaelni@gmx.at>

Wed, 23 Sep 2009 12:24:21 +0000 (12:24 +0000)
author Google Chrome <>
Wed, 23 Sep 2009 12:24:21 +0000 (12:24 +0000)
committer Michael Niedermayer <michaelni@gmx.at>
Wed, 23 Sep 2009 12:24:21 +0000 (12:24 +0000)
diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c

index 3daba8f..ca43e99 100644 (file)
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -663,7 +663,12 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc){
          for(j=0;j<res_setup->classifications;++j) {
              for(k=0;k<8;++k) {
                  if (cascade[j]&(1<<k)) {
-                        res_setup->books[j][k]=get_bits(gb, 8);
+                    int bits=get_bits(gb, 8);
+                    if (bits>=vc->codebook_count) {
+                        av_log(vc->avccontext, AV_LOG_ERROR, "book value %d out of range. \n", bits);
+                        return 1;
+                    }
+                    res_setup->books[j][k]=bits;
  
                      AV_DEBUG("     %d class casscade depth %d book: %d \n", j, k, res_setup->books[j][k]);
author	Google Chrome <>
	Wed, 23 Sep 2009 12:24:21 +0000 (12:24 +0000)
committer	Michael Niedermayer <michaelni@gmx.at>
	Wed, 23 Sep 2009 12:24:21 +0000 (12:24 +0000)