comparison decoders/speex.c @ 527:b5ddeebce808
Check if Speex header has bogus data (CVE-2008-1686).
author | Ryan C. Gordon <icculus@icculus.org> |
---|---|
date | Fri, 11 Apr 2008 19:53:57 +0000 |
parents | 2df1f5c62d38 |
children | a116d8f628a0 |
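--- a/decoders/speex.c
+++ b/decoders/speex.c
@@ -134,10 +134,11 @@
 BAIL_IF_MACRO(!hptr, "SPEEX: Cannot read header", 0);
 memcpy(&header, hptr, sizeof (SpeexHeader)); /* move to stack. */
 free(hptr); /* lame that this forces you to malloc... */
 
 BAIL_IF_MACRO(header.mode >= SPEEX_NB_MODES, "SPEEX: Unknown mode", 0);
+BAIL_IF_MACRO(header.mode < 0, "SPEEX: Unknown mode", 0);
 mode = speex_mode_list[header.mode];
 BAIL_IF_MACRO(header.speex_version_id > 1, "SPEEX: Unknown version", 0);
 BAIL_IF_MACRO(mode->bitstream_version < header.mode_bitstream_version,
 "SPEEX: Unsupported bitstream version", 0);
 BAIL_IF_MACRO(mode->bitstream_version > header.mode_bitstream_version,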
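Review bot: The lookup `mode = speex_mode_list[header.mode];` on new line 140 is now bounded on both sides, but nothing at the checks says why both are needed, and the two guards are separate statements with the same message. A comment above them such as `/* header.mode is a signed value taken from the file; bound it on both sides before indexing speex_mode_list. */` would keep the pair from being trimmed later. They could also be written as one guard: `BAIL_IF_MACRO((header.mode < 0) || (header.mode >= SPEEX_NB_MODES), "SPEEX: Unknown mode", 0);`. Only `mode`, `speex_version_id` and `mode_bitstream_version` are validated in the visible lines, and the function continues outside the hunk. Whether the other header fields copied by the `memcpy` are range-checked before use cannot be confirmed from here and is worth checking.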