From 79a4258141f8d7c68556eec68ddb88ca556f29e0 Mon Sep 17 00:00:00 2001
From: Google Chrome <>
Date: Wed, 23 Sep 2009 12:02:31 +0000
Subject: Check classbook value. 11_vorbis_residue_book_index.patch by chrome.

Originally committed as revision 19989 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/vorbis_dec.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'libavcodec')

diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c
index ce5a139ef4..2d5e610da4 100644
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -630,6 +630,10 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc){
         res_setup->partition_size=get_bits(gb, 24)+1;
         res_setup->classifications=get_bits(gb, 6)+1;
         res_setup->classbook=get_bits(gb, 8);
+        if (res_setup->classbook>=vc->codebook_count) {
+            av_log(vc->avccontext, AV_LOG_ERROR, "classbook value %d out of range. \n", res_setup->classbook);
+            return 1;
+        }
 
         AV_DEBUG("    begin %d end %d part.size %d classif.s %d classbook %d \n", res_setup->begin, res_setup->end, res_setup->partition_size,
           res_setup->classifications, res_setup->classbook);
-- 
cgit v1.2.3