From 58244aa7883406cffdbbdbab972ca36b4816191e Mon Sep 17 00:00:00 2001 From: Tim Terriberry Date: Wed, 13 Oct 2010 20:04:39 +0000 Subject: Forward port r14811 and r16073 from libvorbis. Additional bulletproofing to hufftree decoding; reject underpopulated trees up-front. Handle the case of single-entry codebooks. git-svn-id: https://svn.xiph.org/trunk/Tremor@17510 0101bb08-14d6-0310-b084-bc0e0c8e3800 --- sharedbook.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/sharedbook.c b/sharedbook.c index 4cfde94..03c2147 100644 --- a/sharedbook.c +++ b/sharedbook.c @@ -121,7 +121,20 @@ ogg_uint32_t *_make_words(long *l,long n,long sparsecount){ }else if(sparsecount==0)count++; } - + + /* sanity check the huffman tree; an underpopulated tree must be + rejected. The only exception is the one-node pseudo-nil tree, + which appears to be underpopulated because the tree doesn't + really exist; there's only one possible 'codeword' or zero bits, + but the above tree-gen code doesn't mark that. */ + if(sparsecount != 1){ + for(i=1;i<33;i++) + if(marker[i] & (0xffffffffUL>>(32-i))){ + _ogg_free(r); + return(NULL); + } + } + /* bitreverse the words because our bitwise packer/unpacker is LSb endian */ for(i=0,count=0;i