From: Jeongmo Yang Date: Tue, 5 Nov 2019 07:31:50 +0000 (+0900) Subject: Fix CVE-2018-10392 : Sanity check number of channels in setup X-Git-Tag: accepted/tizen/6.0/unified/20201030.105652^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5d7f126c7b6afbe85fb2ac0a7741e3c131bab8c4;hp=fabb5557362fd9dc2af2e0307d2876aee7103587;p=platform%2Fupstream%2Flibvorbis.git Fix CVE-2018-10392 : Sanity check number of channels in setup Change-Id: I14540b2c3f455f4eeb5ef43d8f90865fdcc801c2 Signed-off-by: Jeongmo Yang --- diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c index f0f7c08..2862cfd 100644 --- a/lib/vorbisenc.c +++ b/lib/vorbisenc.c @@ -685,6 +685,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ highlevel_encode_setup *hi=&ci->hi; if(ci==NULL)return(OV_EINVAL); + if(vi->channels<1||vi->channels>255)return(OV_EINVAL); if(!hi->impulse_block_p)i0=1; /* too low/high an ATH floater is nonsensical, but doesn't break anything */
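Review bot: The upper bound in the added line `if(vi->channels<1||vi->channels>255)return(OV_EINVAL);` is a bare literal, and neither the hunk nor the commit message says why 255 is the limit. A short comment or a named constant stating the reason would let a later reader tell whether the bound is a format limit or an arbitrary cap. Separately, in the context lines of the same hunk, `highlevel_encode_setup *hi=&ci->hi;` is formed before `if(ci==NULL)return(OV_EINVAL);` runs, so the NULL test comes after `ci` has already been used to compute a pointer, and the new check reads `vi->channels` with no NULL test on `vi` visible in this hunk. Consider assigning `hi` only after the NULL check and confirming that `vi` is validated earlier in the function.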