From 736d36b79231d72699dce3449fc9d80c46d2aa19 Mon Sep 17 00:00:00 2001
From: Google Chrome <>
Date: Tue, 9 Feb 2010 19:52:27 +0000
Subject: [PATCH] Check  res_setup->books. 15_more_residue_book_indexes.patch
 by chrome.

r19992 by michael


Originally committed as revision 21728 to svn://svn.ffmpeg.org/ffmpeg/branches/0.5
---
 libavcodec/vorbis_dec.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/libavcodec/vorbis_dec.c b/libavcodec/vorbis_dec.c
index cfcb29c42d..e596d48d2c 100644
--- a/libavcodec/vorbis_dec.c
+++ b/libavcodec/vorbis_dec.c
@@ -668,7 +668,12 @@ static int vorbis_parse_setup_hdr_residues(vorbis_context *vc){
         for(j=0;j<res_setup->classifications;++j) {
             for(k=0;k<8;++k) {
                 if (cascade[j]&(1<<k)) {
-                        res_setup->books[j][k]=get_bits(gb, 8);
+                    int bits=get_bits(gb, 8);
+                    if (bits>=vc->codebook_count) {
+                        av_log(vc->avccontext, AV_LOG_ERROR, "book value %d out of range. \n", bits);
+                        return 1;
+                    }
+                    res_setup->books[j][k]=bits;
 
                     AV_DEBUG("     %d class casscade depth %d book: %d \n", j, k, res_setup->books[j][k]);