File libvorbis-r16217-CVE-2009-2663.diff of Package libvorbis

---
 lib/info.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/lib/info.c
+++ b/lib/info.c
@@ -236,6 +236,7 @@
   int i;
   int vendorlen=oggpack_read(opb,32);
   if(vendorlen<0)goto err_out;
+  if(vendorlen>opb->storage-8)goto err_out;
   vc->vendor=_ogg_calloc(vendorlen+1,1);
   _v_readstring(opb,vc->vendor,vendorlen);
   vc->comments=oggpack_read(opb,32);
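Review bot: The new bound on the vendor length is written against a hard-coded `opb->storage-8`, while the equivalent bound added in the second hunk (the comment loop around `len`) derives the remaining space from the read position with `oggpack_bytes(opb)`; where the constant 8 comes from is not visible in this hunk, and a fixed offset silently goes stale if the bytes consumed before this point ever change. Expressing both checks the same way, `if(vendorlen>opb->storage-oggpack_bytes(opb))goto err_out;`, keeps the bound tied to what has actually been read and makes the two checks reviewable side by side. Either form caps the argument to `_ogg_calloc(vendorlen+1,1)` and the following `_v_readstring` at the packet size, which is the point of the fix; the surrounding function and `err_out` label lie outside this hunk.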
@@ -246,6 +247,7 @@
   for(i=0;i<vc->comments;i++){
     int len=oggpack_read(opb,32);
     if(len<0)goto err_out;
+    if(len>opb->storage-oggpack_bytes(opb))goto err_out;
 	vc->comment_lengths[i]=len;
     vc->user_comments[i]=_ogg_calloc(len+1,1);
     _v_readstring(opb,vc->user_comments[i],len);
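Review bot: The added check on `len` has no comment saying what it protects, and a reader who sees only `len>opb->storage-oggpack_bytes(opb)` has to reconstruct that it compares the announced comment length with the bytes still unread in the packet before they are handed to `_ogg_calloc(len+1,1)` and `_v_readstring`. A one-line comment above it, `/* a comment cannot be longer than the bytes remaining in the packet */`, records the invariant the bound enforces. The enclosing loop and function continue past the end of this hunk.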