diff options
author | Petter Reinholdtsen <pere@hungry.com> | 2020-04-13 18:55:21 +0200 |
---|---|---|
committer | Ralph Giles <giles@thaumas.net> | 2020-04-15 09:03:19 -0700 |
commit | 0a4beb1d04f802c48016b11fb939690e24173168 (patch) | |
tree | 3d0c3a446cb901e06421dd493b4990d3c8f6c7a0 | |
parent | 4d963fe0b4ba3bdb45233de4b959ce2f36963f7a (diff) | |
download | libvorbis-git-0a4beb1d04f802c48016b11fb939690e24173168.tar.gz |
Instead of SIGFPE when bytespersample is zero or negative, return OV_EINVAL
Based on0002-Avoid-SIGFPE-when-bytespersample-is-zero.patch from Debian,
see https://bugs.debian.org/635906 , adjusted with input from Ralph
Giles.
Signed-off-by: Ralph Giles <giles@thaumas.net>
-rw-r--r-- | lib/vorbisfile.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/vorbisfile.c b/lib/vorbisfile.c index 6b7bbee0..272072e9 100644 --- a/lib/vorbisfile.c +++ b/lib/vorbisfile.c @@ -1964,6 +1964,7 @@ long ov_read_filter(OggVorbis_File *vf,char *buffer,int length, long samples; if(vf->ready_state<OPENED)return(OV_EINVAL); + if(word<=0)return(OV_EINVAL); while(1){ if(vf->ready_state==INITSET){ @@ -1989,6 +1990,8 @@ long ov_read_filter(OggVorbis_File *vf,char *buffer,int length, long channels=ov_info(vf,-1)->channels; long bytespersample=word * channels; vorbis_fpu_control fpu; + + if(channels<1||channels>255)return(OV_EINVAL); if(samples>length/bytespersample)samples=length/bytespersample; if(samples <= 0) |