File libvorbis-r16597-CVE-2009-3379.diff of Package libvorbis - openSUSE Build Service

File libvorbis-r16597-CVE-2009-3379.diff of Package libvorbis

---
 lib/codebook.c |    1 +
 1 file changed, 1 insertion(+)

--- a/lib/codebook.c
+++ b/lib/codebook.c
@@ -198,6 +198,7 @@
       for(i=0;i<s->entries;){
 	long num=oggpack_read(opb,_ilog(s->entries-i));
 	if(num==-1)goto _eofout;
+        if(length>32)goto _errout;
 	for(j=0;j<num && i<s->entries;j++,i++)
 	  s->lengthlist[i]=length;
 	length++;

openSUSE Build Service is sponsored by