Check res_setup->books.

15_more_residue_book_indexes.patch by chrome. r19992 by michael Originally committed as revision 21728 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
author: Google Chrome <> 2010-02-09 19:52:27 +0000
committer: Reinhard Tartler <siretart@tauware.de> 2010-02-09 19:52:27 +0000
commit: 736d36b79231d72699dce3449fc9d80c46d2aa19 (patch)
tree: 8bdd1e0377685974159aac0747a4eb2de24461cd
parent: dc5cc27d5ade462e7b2aa617285a4d64ee4000d7 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c
index cfcb29c42d..e596d48d2c 100644
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -668,7 +668,12 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc){
         for(j=0;j<res_setup->classifications;++j) {
             for(k=0;k<8;++k) {
                 if (cascade[j]&(1<<k)) {
-                        res_setup->books[j][k]=get_bits(gb, 8);
+                    int bits=get_bits(gb, 8);
+                    if (bits>=vc->codebook_count) {
+                        av_log(vc->avccontext, AV_LOG_ERROR, "book value %d out of range. \n", bits);
+                        return 1;
+                    }
+                    res_setup->books[j][k]=bits;
 
                     AV_DEBUG("     %d class casscade depth %d book: %d \n", j, k, res_setup->books[j][k]);
author	Google Chrome <>	2010-02-09 19:52:27 +0000
committer	Reinhard Tartler <siretart@tauware.de>	2010-02-09 19:52:27 +0000
commit	736d36b79231d72699dce3449fc9d80c46d2aa19 (patch)
tree	8bdd1e0377685974159aac0747a4eb2de24461cd
parent	dc5cc27d5ade462e7b2aa617285a4d64ee4000d7 (diff)