From baa60cc70e72d398bcff8d26ac00825ce8f16be9 Mon Sep 17 00:00:00 2001
From: Monty
Date: Thu, 25 Mar 2010 05:21:20 +0000
Subject: [PATCH] Apply patches from Trac #1638, additional application hardening (not bugfixes, but ignoring easy-to-catch cases of improper lib use) and one more bitstream guard.
svn path=/trunk/vorbis/; revision=17027
---
 lib/synthesis.c | 26 +++++++++++++++++++-------
 1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/lib/synthesis.c b/lib/synthesis.c
index 35fe7f5..bcf99c5 100644
--- a/lib/synthesis.c
+++ b/lib/synthesis.c
@@ -24,13 +24,17 @@
 #include "os.h"
 int vorbis_synthesis(vorbis_block *vb,ogg_packet *op){
- vorbis_dsp_state *vd=vb->vd;
- private_state *b=vd->backend_state;
- vorbis_info *vi=vd->vi;
- codec_setup_info *ci=vi->codec_setup;
- oggpack_buffer *opb=&vb->opb;
+ vorbis_dsp_state *vd= vb ? vb->vd : 0;
+ private_state *b= vd ? vd->backend_state : 0;
+ vorbis_info *vi= vd ? vd->vi : 0;
+ codec_setup_info *ci= vi ? vi->codec_setup : 0;
+ oggpack_buffer *opb=vb ? &vb->opb : 0;
 int type,mode,i;
+ if (!vd || !b || !vi || !ci || !opb) {
+ return OV_EBADPACKET;
+ }
+
 /* first things first. Make sure decode is ready */
 _vorbis_block_ripcord(vb);
 oggpack_readinit(opb,op->packet,op->bytes);
@@ -43,9 +47,15 @@ int vorbis_synthesis(vorbis_block *vb,ogg_packet *op){
 /* read our mode and pre/post windowsize */
 mode=oggpack_read(opb,b->modebits);
- if(mode==-1)return(OV_EBADPACKET);
+ if(mode==-1){
+ return(OV_EBADPACKET);
+ }
 vb->mode=mode;
+ if(!ci->mode_param[mode]){
+ return(OV_EBADPACKET);
+ }
+
 vb->W=ci->mode_param[mode]->blockflag;
 if(vb->W){
@@ -53,7 +63,9 @@ int vorbis_synthesis(vorbis_block *vb,ogg_packet *op){
 only for window selection */
 vb->lW=oggpack_read(opb,1);
 vb->nW=oggpack_read(opb,1);
- if(vb->nW==-1) return(OV_EBADPACKET);
+ if(vb->nW==-1){
+ return(OV_EBADPACKET);
+ }
 }else{
 vb->lW=0;
 vb->nW=0;
--
2.7.4
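Review bot: `op` is still dereferenced unchecked in the context line `oggpack_readinit(opb,op->packet,op->bytes);`, so the new guard at the top of vorbis_synthesis covers a NULL `vb` chain but not a NULL packet pointer. Extending the condition to `if (!vd || !b || !vi || !ci || !opb || !op) {` would close that gap. The `!opb` term cannot fire once `vb` is non-NULL, because `opb` is the address of a member of `*vb`; it is harmless but adds nothing beyond the `vd` test. Returning OV_EBADPACKET for caller misuse makes an application bug look like stream corruption; an argument-error code such as libvorbis's OV_EINVAL would be easier to triage. The function body continues outside this hunk.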
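Review bot: The new `if(!ci->mode_param[mode])` guard indexes the table before anything bounds `mode`, which is taken directly from the packet by `oggpack_read(opb,b->modebits)`. The NULL test is only sound if every value representable in `b->modebits` bits is a valid index into `mode_param` and every unused slot is NULL; neither property is visible in this hunk. An explicit range check ahead of the lookup, for example `if(mode<0 || mode>=ci->modes) return(OV_EBADPACKET);` (assuming `ci->modes` holds the configured mode count, as in libvorbis's codec_setup_info), would not depend on how the setup header was parsed. `vb->mode=mode;` is also stored before the guard, so a rejected packet leaves an unvalidated mode in the block; moving the assignment below the check avoids that.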