wine/gecko
0
0
Fork 0
mirror of https://gitlab.winehq.org/wine/wine-gecko.git synced 2024-09-13 09:24:08 -07:00
Code Issues Packages Projects Releases Wiki Activity
8f8a33e815
gecko/media/libtheora/bug498824.patch
Tim Terriberry 2f36952b55 Bug 498824 - libtheora update - r=roc
2009-06-19 15:12:54 +12:00

56 lines
2.1 KiB
Diff
Raw Blame History

diff --git a/media/libtheora/lib/dec/decinfo.c b/media/libtheora/lib/dec/decinfo.c
index e51d63e..d08d6b6 100644
--- a/media/libtheora/lib/dec/decinfo.c
+++ b/media/libtheora/lib/dec/decinfo.c
@@ -11,7 +11,7 @@
********************************************************************
function:
- last mod: $Id: decinfo.c 15400 2008-10-15 12:10:58Z tterribe $
+ last mod: $Id$
********************************************************************/
@@ -111,14 +111,15 @@ static int oc_comment_unpack(oggpack_buffer *_opb,th_comment *_tc){
int i;
/*Read the vendor string.*/
len=oc_unpack_length(_opb);
- if(len<0||theorapackB_bytes(_opb)+len>_opb->storage)return TH_EBADHEADER;
+ if(len<0||len>_opb->storage-theorapackB_bytes(_opb))return TH_EBADHEADER;
_tc->vendor=_ogg_malloc((size_t)len+1);
oc_unpack_octets(_opb,_tc->vendor,len);
_tc->vendor[len]='\0';
/*Read the user comments.*/
_tc->comments=(int)oc_unpack_length(_opb);
- if(_tc->comments<0||_tc->comments>(LONG_MAX>>2)||
- theorapackB_bytes(_opb)+((long)_tc->comments<<2)>_opb->storage){
+ len=_tc->comments;
+ if(len<0||len>(LONG_MAX>>2)||len<<2>_opb->storage-theorapackB_bytes(_opb)){
+ _tc->comments=0;
return TH_EBADHEADER;
}
_tc->comment_lengths=(int *)_ogg_malloc(
@@ -127,7 +128,7 @@ static int oc_comment_unpack(oggpack_buffer *_opb,th_comment *_tc){
_tc->comments*sizeof(_tc->user_comments[0]));
for(i=0;i<_tc->comments;i++){
len=oc_unpack_length(_opb);
- if(len<0||theorapackB_bytes(_opb)+len>_opb->storage){
+ if(len<0||len>_opb->storage-theorapackB_bytes(_opb)){
_tc->comments=i;
return TH_EBADHEADER;
}
@@ -224,12 +225,10 @@ static int oc_dec_headerin(oggpack_buffer *_opb,th_info *_info,
int th_decode_headerin(th_info *_info,th_comment *_tc,
th_setup_info **_setup,ogg_packet *_op){
oggpack_buffer opb;
- int ret;
if(_op==NULL)return TH_EBADHEADER;
if(_info==NULL)return TH_EFAULT;
theorapackB_readinit(&opb,_op->packet,_op->bytes);
- ret=oc_dec_headerin(&opb,_info,_tc,_setup,_op);
- return ret;
+ return oc_dec_headerin(&opb,_info,_tc,_setup,_op);
}
void th_setup_free(th_setup_info *_setup){
Reference in New Issue View Git Blame Copy Permalink