diff options
author | Guido Günther <agx@sigxcpu.org> | 2017-10-31 18:32:46 +0100 |
---|---|---|
committer | Thomas Daede <daede003@umn.edu> | 2017-12-11 00:11:28 -0800 |
commit | a79ec216cd119069c68b8f3542c6a425a74ab993 (patch) | |
tree | 137e2006159f61d78d90003f23d48fad46c8300d | |
parent | c78405727f8c5fcc9d1a8d23d57f16fc4c7dface (diff) | |
download | libvorbis-git-a79ec216cd119069c68b8f3542c6a425a74ab993.tar.gz |
CVE-2017-14633: Don't allow for more than 256 channels
Otherwise
for(i=0;i<vi->channels;i++){
/* the encoder setup assumes that all the modes used by any
specific bitrate tweaking use the same floor */
int submap=info->chmuxlist[i];
overreads later in mapping0_forward since chmuxlist is a fixed array of
256 elements max.
-rw-r--r-- | lib/info.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -588,7 +588,7 @@ int vorbis_analysis_headerout(vorbis_dsp_state *v, oggpack_buffer opb; private_state *b=v->backend_state; - if(!b||vi->channels<=0){ + if(!b||vi->channels<=0||vi->channels>256){ ret=OV_EFAULT; goto err_out; } |