From cdf1512ebac8b95afad3ec4352550f0f0240ce26 Mon Sep 17 00:00:00 2001
From: Google Chrome <>
Date: Wed, 23 Sep 2009 12:24:21 +0000
Subject: Check  res_setup->books. 15_more_residue_book_indexes.patch by
 chrome.

Originally committed as revision 19992 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/vorbis_dec.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'libavcodec')

diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c
index 3daba8f340..ca43e99d9b 100644
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -663,7 +663,12 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc){
         for(j=0;j<res_setup->classifications;++j) {
             for(k=0;k<8;++k) {
                 if (cascade[j]&(1<<k)) {
-                        res_setup->books[j][k]=get_bits(gb, 8);
+                    int bits=get_bits(gb, 8);
+                    if (bits>=vc->codebook_count) {
+                        av_log(vc->avccontext, AV_LOG_ERROR, "book value %d out of range. \n", bits);
+                        return 1;
+                    }
+                    res_setup->books[j][k]=bits;
 
                     AV_DEBUG("     %d class casscade depth %d book: %d \n", j, k, res_setup->books[j][k]);
 
-- 
cgit v1.2.3