From 5d7f126c7b6afbe85fb2ac0a7741e3c131bab8c4 Mon Sep 17 00:00:00 2001
From: Jeongmo Yang
Date: Tue, 5 Nov 2019 16:31:50 +0900
Subject: [PATCH] Fix CVE-2018-10392 : Sanity check number of channels in setup
Change-Id: I14540b2c3f455f4eeb5ef43d8f90865fdcc801c2
Signed-off-by: Jeongmo Yang
---
 lib/vorbisenc.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c
index f0f7c08..2862cfd 100644
--- a/lib/vorbisenc.c
+++ b/lib/vorbisenc.c
@@ -685,6 +685,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){
 highlevel_encode_setup *hi=&ci->hi;
 if(ci==NULL)return(OV_EINVAL);
+ if(vi->channels<1||vi->channels>255)return(OV_EINVAL);
 if(!hi->impulse_block_p)i0=1;
 /* too low/high an ATH floater is nonsensical, but doesn't break anything */
-- 
2.7.4
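Review bot: The added guard `if(vi->channels<1||vi->channels>255)return(OV_EINVAL);` uses bare literals, and nothing in the hunk says why 255 is the ceiling, so a later maintainer cannot tell a format limit from an arbitrary cap. I would put a comment above it, e.g. `/* reject channel counts the stream cannot carry: the Vorbis identification header stores the count in 8 bits */`. That is presumably the reason for the bound, but please confirm. The check also covers only this entry point: `vi` is passed in by the caller, and the code that later sizes or indexes per-channel buffers is outside this hunk, so it is worth confirming that those paths cannot see a `channels` value changed after setup has validated it. The body of vorbis_encode_setup_init starts and ends outside the hunk.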