From d70fa8f131699fa1889cf65cc88563d000c4e1ef Mon Sep 17 00:00:00 2001
From: Google Chrome <>
Date: Wed, 23 Sep 2009 10:40:33 +0000
Subject: Sanity checks for magnitude and angle.
 26_vorbis_mag_angle_index.patch by chrome

Originally committed as revision 19983 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/vorbis_dec.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'libavcodec')

diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c
index 532a060e7c..28417ee8f0 100644
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -697,7 +697,14 @@ static int vorbis_parse_setup_hdr_mappings(vorbis_context *vc) {
             for(j=0;j<mapping_setup->coupling_steps;++j) {
                 mapping_setup->magnitude[j]=get_bits(gb, ilog(vc->audio_channels-1));
                 mapping_setup->angle[j]=get_bits(gb, ilog(vc->audio_channels-1));
-                // FIXME: sanity checks
+                if (mapping_setup->magnitude[j]>=vc->audio_channels) {
+                    av_log(vc->avccontext, AV_LOG_ERROR, "magnitude channel %d out of range. \n", mapping_setup->magnitude[j]);
+                    return 1;
+                }
+                if (mapping_setup->angle[j]>=vc->audio_channels) {
+                    av_log(vc->avccontext, AV_LOG_ERROR, "angle channel %d out of range. \n", mapping_setup->angle[j]);
+                    return 1;
+                }
             }
         } else {
             mapping_setup->coupling_steps=0;
-- 
cgit v1.2.3