summaryrefslogtreecommitdiff
path: root/res012.c
diff options
context:
space:
mode:
Diffstat (limited to 'res012.c')
-rw-r--r--res012.c13
1 files changed, 5 insertions, 8 deletions
diff --git a/res012.c b/res012.c
index 38c3707..6c1d4e1 100644
--- a/res012.c
+++ b/res012.c
@@ -115,10 +115,6 @@ vorbis_info_residue *res0_unpack(vorbis_info *vi,oggpack_buffer *opb){
/* verify the phrasebook is not specifying an impossible or
inconsistent partitioning scheme. */
- /* modify the phrasebook ranging check from r16327; an early beta
- encoder had a bug where it used an oversized phrasebook by
- accident. These files should continue to be playable, but don't
- allow an exploit */
{
int entries = ci->book_param[info->groupbook]->entries;
int dim = ci->book_param[info->groupbook]->dim;
@@ -128,7 +124,7 @@ vorbis_info_residue *res0_unpack(vorbis_info *vi,oggpack_buffer *opb){
if(partvals > entries) goto errout;
dim--;
}
- info->partvals = partvals;
+ if(partvals != entries) goto errout;
}
return(info);
@@ -172,7 +168,8 @@ vorbis_look_residue *res0_look(vorbis_dsp_state *vd,vorbis_info_mode *vm,
}
}
- look->partvals=look->phrasebook->entries;
+ look->partvals=look->parts;
+ for(j=1;j<dim;j++)look->partvals*=look->parts;
look->stages=maxstage;
look->decodemap=(int **)_ogg_malloc(look->partvals*sizeof(*look->decodemap));
for(j=0;j<look->partvals;j++){
@@ -225,7 +222,7 @@ static int _01inverse(vorbis_block *vb,vorbis_look_residue *vl,
/* fetch the partition word for each channel */
for(j=0;j<ch;j++){
int temp=vorbis_book_decode(look->phrasebook,&vb->opb);
- if(temp==-1 || temp>=info->partvals)goto eopbreak;
+ if(temp==-1)goto eopbreak;
partword[j][l]=look->decodemap[temp];
if(partword[j][l]==NULL)goto errout;
}
@@ -307,7 +304,7 @@ int res2_inverse(vorbis_block *vb,vorbis_look_residue *vl,
if(s==0){
/* fetch the partition word */
int temp=vorbis_book_decode(look->phrasebook,&vb->opb);
- if(temp==-1 || temp>info->partvals)goto eopbreak;
+ if(temp==-1)goto eopbreak;
partword[l]=look->decodemap[temp];
if(partword[l]==NULL)goto errout;
}
View Lorry Controller Status