
libtremor: merge upstream revision 17539 and 17540 'Additional codebook validity checks.'

git-svn-id: svn://svn.rockbox.org/rockbox/trunk@28771 a1c6a512-1295-4272-9138-f99709370657

+16 -4
+16 -4
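--- a/apps/codecs/libtremor/codebook.c
+++ b/apps/codecs/libtremor/codebook.c
@@ -42,12 +42,17 @@
 
 /* codeword ordering.... length ordered or unordered? */
 switch((int)oggpack_read(opb,1)){
-case 0:
+case 0:{
+long unused;
+/* allocated but unused entries? */
+unused=oggpack_read(opb,1);
+if((s->entries*(unused?1:5)+7)>>3>opb->storage-oggpack_bytes(opb))
+goto _eofout;
 /* unordered */
 s->lengthlist=(long *)_ogg_malloc(sizeof(*s->lengthlist)*s->entries);
 
 /* allocated but unused entries? */
-if(oggpack_read(opb,1)){
+if(unused){
 /* yes, unused entries */
 
 for(i=0;i<s->entries;i++){
@@ -68,17 +73,22 @@
 }
 
 break;
+}
 case 1:
 /* ordered */
 {
 long length=oggpack_read(opb,5)+1;
+if(length==0)goto _eofout;
 s->lengthlist=(long *)_ogg_malloc(sizeof(*s->lengthlist)*s->entries);
 
 for(i=0;i<s->entries;){
 long num=oggpack_read(opb,_ilog(s->entries-i));
 if(num==-1)goto _eofout;
-if(length>32)goto _errout;
-for(j=0;j<num && i<s->entries;j++,i++)
+if(length>32 || num>s->entries-i ||
+(num>0 && (num-1)>>(length>>1)>>((length+1)>>1))>0){
+goto _errout;
+}
+for(j=0;j<num;j++,i++)
 s->lengthlist[i]=length;
 length++;
 }
@@ -116,6 +126,8 @@
 }
 
 /* quantized values */
+if((quantvals*s->q_quant+7)>>3>opb->storage-oggpack_bytes(opb))
+goto _eofout;
 s->quantlist=(long *)_ogg_malloc(sizeof(*s->quantlist)*quantvals);
 for(i=0;i<quantvals;i++)
 s->quantlist[i]=oggpack_read(opb,s->q_quant);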
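Review bot: The new size guard in the last hunk, `(quantvals*s->q_quant+7)>>3>opb->storage-oggpack_bytes(opb)`, multiplies in the operands' own width, so if quantvals can be large the product may wrap and the guard would pass a header it was meant to reject. quantvals is computed outside the visible lines, so its range needs confirming on targets where it is 32 bits wide. Doing the product in a wider type keeps the comparison meaningful, for example `if((((ogg_int64_t)quantvals*s->q_quant+7)>>3)>opb->storage-oggpack_bytes(opb))`. The `s->entries*(unused?1:5)` guard in the `case 0` hunk has the same shape. The `_ogg_malloc` results that follow are written through without a NULL test in the visible lines, so these guards are the only check shown before the fill loops.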