From b8ec4c49bd751f23aa175dbb64ff8d75edb7b917 Mon Sep 17 00:00:00 2001
From: Google Chrome <>
Date: Tue, 9 Feb 2010 19:47:42 +0000
Subject: Check classbook value. 11_vorbis_residue_book_index.patch by chrome.

r19989 by michael


Originally committed as revision 21725 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
---
 libavcodec/vorbis_dec.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c
index 29e7bdbf41..4410fc04c3 100644
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -635,6 +635,10 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc){
         res_setup->partition_size=get_bits(gb, 24)+1;
         res_setup->classifications=get_bits(gb, 6)+1;
         res_setup->classbook=get_bits(gb, 8);
+        if (res_setup->classbook>=vc->codebook_count) {
+            av_log(vc->avccontext, AV_LOG_ERROR, "classbook value %d out of range. \n", res_setup->classbook);
+            return 1;
+        }
 
         AV_DEBUG("    begin %d end %d part.size %d classif.s %d classbook %d \n", res_setup->begin, res_setup->end, res_setup->partition_size,
           res_setup->classifications, res_setup->classbook);
-- 
cgit v1.2.3