Mercurial > SDL_sound_CoreAudio
diff decoders/speex.c @ 527:b5ddeebce808
Check if Speex header has bogus data (CVE-2008-1686).
| author | Ryan C. Gordon <icculus@icculus.org> |
|---|---|
| date | Fri, 11 Apr 2008 19:53:57 +0000 |
| parents | 2df1f5c62d38 |
| children | a116d8f628a0 |
line wrap: on
line diff
--- a/decoders/speex.c Mon Aug 06 09:44:02 2007 +0000 +++ b/decoders/speex.c Fri Apr 11 19:53:57 2008 +0000 @@ -136,6 +136,7 @@ free(hptr); /* lame that this forces you to malloc... */ BAIL_IF_MACRO(header.mode >= SPEEX_NB_MODES, "SPEEX: Unknown mode", 0); + BAIL_IF_MACRO(header.mode < 0, "SPEEX: Unknown mode", 0); mode = speex_mode_list[header.mode]; BAIL_IF_MACRO(header.speex_version_id > 1, "SPEEX: Unknown version", 0); BAIL_IF_MACRO(mode->bitstream_version < header.mode_bitstream_version,