Second hunk from secrity fix from google.

The hunk is not fully understood but it just makes a check tighter so its safer for us to apply until it is fully understood. Might fix issue 2550 (and Chrome issue 68115 and unknown CERT issues). Our bugtracker issue though should stay open until this has been fully investiagted Patch by Frank Barchard, fbarchard at google Originally committed as revision 26368 to svn://svn.ffmpeg.org/ffmpeg/trunk
14 years ago · 925aa96915
parent f734671925
commit 925aa96915
1 changed files with 1 additions and 1 deletions
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@ -661,7 +661,7 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc)
        res_setup->partition_size = get_bits(gb, 24) + 1;
        /* Validations to prevent a buffer overflow later. */
        if (res_setup->begin>res_setup->end ||
-            res_setup->end > vc->avccontext->channels * vc->blocksize[1] / (res_setup->type == 2 ? 1 : 2) ||
+            res_setup->end > vc->avccontext->channels * vc->blocksize[1] / 2 ||
            (res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) {
            av_log(vc->avccontext, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %"PRIdFAST16", %"PRIdFAST32", %"PRIdFAST32", %u, %"PRIdFAST32"\n", res_setup->type, res_setup->begin, res_setup->end, res_setup->partition_size, vc->blocksize[1] / 2);
            return -1;