yyc12345/stb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix two invalid-file crashes found by fuzz testing

Browse Source
This commit is contained in:
Sean Barrett 2015-11-08 13:20:55 -08:00
parent 2073403a5f
commit 69a318bdb3
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
stb_vorbis.c
View File

@ -3715,6 +3715,8 @@ static int start_decoder(vorb *f)
ordered = get_bits(f,1);
c->sparse = ordered ? 0 : get_bits(f,1);
if (c->dimensions == 0 && c->entries != 0) return error(f, VORBIS_invalid_setup);
if (c->sparse)
lengths = (uint8 *) setup_temp_malloc(f, c->entries);
else
@ -3998,6 +4000,7 @@ static int start_decoder(vorb *f)
if (f->residue_types[i] > 2) return error(f, VORBIS_invalid_setup);
r->begin = get_bits(f, 24);
r->end = get_bits(f, 24);
if (r->end < r->begin) return error(f, VORBIS_invalid_setup);
r->part_size = get_bits(f,24)+1;
r->classifications = get_bits(f,6)+1;
r->classbook = get_bits(f,8);

2
tests/test_vorbis.c
View File

@ -8,7 +8,7 @@ extern void stb_vorbis_dumpmem(void);
int main(int argc, char **argv)
{
size_t memlen;
unsigned char *mem = stb_fileu("c:/x/vorbis/1.ogg", &memlen);
unsigned char *mem = stb_fileu("c:/x/vorbis/4.ogg", &memlen);
int chan, samplerate;
short *output;
int samples = stb_vorbis_decode_memory(mem, memlen, &chan, &samplerate, &output);