From 7b7f8414adb36c82bde909dd80aa425a0d2c3f86 Mon Sep 17 00:00:00 2001
From: Tim Terriberry <tterribe@xiph.org>
Date: Thu, 14 Oct 2010 01:17:08 +0000
Subject: Port r16597 from libvorbis.

Don't allow ordered codebooks with codeword lengths longer than 32 bits.


git-svn-id: https://svn.xiph.org/trunk/Tremor@17528 0101bb08-14d6-0310-b084-bc0e0c8e3800
---
 codebook.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/codebook.c b/codebook.c
index b920c01..3381f73 100644
--- a/codebook.c
+++ b/codebook.c
@@ -76,6 +76,7 @@ int vorbis_staticbook_unpack(oggpack_buffer *opb,static_codebook *s){
       for(i=0;i<s->entries;){
 	long num=oggpack_read(opb,_ilog(s->entries-i));
 	if(num==-1)goto _eofout;
+	if(length>32)goto _errout;
 	for(j=0;j<num && i<s->entries;j++,i++)
 	  s->lengthlist[i]=length;
 	length++;
-- 
cgit v1.2.1