virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

Second hunk from secrity fix from google.

Browse Source 
The hunk is not fully understood but it just makes a check tighter so its
safer for us to apply until it is fully understood.

Might fix issue 2550 (and Chrome issue 68115 and unknown CERT issues).
Our bugtracker issue though should stay open until this has been fully
investiagted

Patch by Frank Barchard, fbarchard at google

Originally committed as revision 26368 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Frank Barchard 2011-01-15 17:10:49 +00:00 committed by Michael Niedermayer
parent f734671925
commit 925aa96915
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
libavcodec/vorbis_dec.c
View File

@ -661,7 +661,7 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc)
res_setup->partition_size = get_bits(gb, 24) + 1;
/* Validations to prevent a buffer overflow later. */
if (res_setup->begin>res_setup->end ||
res_setup->end > vc->avccontext->channels * vc->blocksize[1] / (res_setup->type == 2 ? 1 : 2) ||
res_setup->end > vc->avccontext->channels * vc->blocksize[1] / 2 ||
(res_setup->end-res_setup->begin) / res_setup->partition_size > V_MAX_PARTITIONS) {
av_log(vc->avccontext, AV_LOG_ERROR, "partition out of bounds: type, begin, end, size, blocksize: %"PRIdFAST16", %"PRIdFAST32", %"PRIdFAST32", %u, %"PRIdFAST32"\n", res_setup->type, res_setup->begin, res_setup->end, res_setup->partition_size, vc->blocksize[1] / 2);
return -1;