changeset 528:61a317171ef0 stable-1.0

Merge r536:537 from trunk: Speex bogus data check.
author Ryan C. Gordon <icculus@icculus.org>
date Fri, 11 Apr 2008 19:55:10 +0000
parents 50bb9a6cebfe
children 4546fd3f664a
files CHANGELOG decoders/speex.c
diffstat 2 files changed, 2 insertions(+), 0 deletions(-) [+]
--- a/CHANGELOG	Mon Aug 06 09:44:02 2007 +0000
+++ b/CHANGELOG	Fri Apr 11 19:55:10 2008 +0000
@@ -2,6 +2,7 @@
  * CHANGELOG.
  */
 
+04112008 - Check if Speex header has bogus data (CVE-2008-1686).
 08062007 - Updated my email address.
 07152007 - Minor correction in Timidity resampling code (Thanks, Sam!).
 07062007 - Fixed uninitialized buffer in mpglib. (Thanks, Phil!).
--- a/decoders/speex.c	Mon Aug 06 09:44:02 2007 +0000
+++ b/decoders/speex.c	Fri Apr 11 19:55:10 2008 +0000
@@ -136,6 +136,7 @@
     free(hptr);  /* lame that this forces you to malloc... */
 
     BAIL_IF_MACRO(header.mode >= SPEEX_NB_MODES, "SPEEX: Unknown mode", 0);
+    BAIL_IF_MACRO(header.mode < 0, "SPEEX: Unknown mode", 0);
     mode = speex_mode_list[header.mode];
     BAIL_IF_MACRO(header.speex_version_id > 1, "SPEEX: Unknown version", 0);
     BAIL_IF_MACRO(mode->bitstream_version < header.mode_bitstream_version,
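Review bot: The lower and upper bounds on `header.mode` are now two separate statements guarding the `speex_mode_list[header.mode]` index on the following line, and nothing marks them as a pair that must stay together. Since the value comes straight from the file's Speex header, I would fold them into a single range check, `BAIL_IF_MACRO(header.mode < 0 || header.mode >= SPEEX_NB_MODES, "SPEEX: Unknown mode", 0);`, with a short comment such as `/* header.mode is read from the stream and indexes speex_mode_list */`. The enclosing function starts and ends outside this hunk, so whether the other header fields it uses later get similar range checks cannot be confirmed from here; that is worth a look while this code is open.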